From 685a75f07d53f4f4d6160ec0120f7875d0abde08 Mon Sep 17 00:00:00 2001 
From: BlackDex Date: Thu, 5 Oct 2023 17:09:38 +0200 Subject: [PATCH 1/4] WIP: Container building changes --- .github/workflows/build.yml | 2 + .github/workflows/hadolint.yml | 3 +- .hadolint.yaml | 6 +- Cargo.lock | 497 ++++++++++++++---------- Cargo.toml | 41 +- docker/DockerSettings.yaml | 25 ++ docker/Dockerfile.alpine | 156 ++++++++ docker/Dockerfile.buildx | 34 -- docker/Dockerfile.debian | 179 +++++++++ docker/Dockerfile.j2 | 276 ++++++------- docker/Makefile | 18 +- docker/README.md | 8 +- docker/amd64/Dockerfile | 119 ------ docker/amd64/Dockerfile.alpine | 116 ------ docker/amd64/Dockerfile.buildkit | 119 ------ docker/amd64/Dockerfile.buildkit.alpine | 116 ------ docker/arm64/Dockerfile | 141 ------- docker/arm64/Dockerfile.alpine | 118 ------ docker/arm64/Dockerfile.buildkit | 141 ------- docker/arm64/Dockerfile.buildkit.alpine | 118 ------ docker/armv6/Dockerfile | 141 ------- docker/armv6/Dockerfile.alpine | 120 ------ docker/armv6/Dockerfile.buildkit | 141 ------- docker/armv6/Dockerfile.buildkit.alpine | 120 ------ docker/armv7/Dockerfile | 141 ------- docker/armv7/Dockerfile.alpine | 118 ------ docker/armv7/Dockerfile.buildkit | 141 ------- docker/armv7/Dockerfile.buildkit.alpine | 118 ------ docker/docker-bake.hcl | 136 +++++++ docker/render_template | 20 +- hooks/README.md | 20 - hooks/arches.sh | 15 - hooks/build | 51 --- hooks/pre_build | 28 -- hooks/push | 111 ------ rust-toolchain.toml | 2 +- 36 files changed, 980 insertions(+), 2676 deletions(-) create mode 100644 docker/DockerSettings.yaml create mode 100644 docker/Dockerfile.alpine delete mode 100644 docker/Dockerfile.buildx create mode 100644 docker/Dockerfile.debian delete mode 100644 docker/amd64/Dockerfile delete mode 100644 docker/amd64/Dockerfile.alpine delete mode 100644 docker/amd64/Dockerfile.buildkit delete mode 100644 docker/amd64/Dockerfile.buildkit.alpine delete mode 100644 docker/arm64/Dockerfile delete mode 100644 docker/arm64/Dockerfile.alpine delete mode 100644 
docker/arm64/Dockerfile.buildkit delete mode 100644 docker/arm64/Dockerfile.buildkit.alpine delete mode 100644 docker/armv6/Dockerfile delete mode 100644 docker/armv6/Dockerfile.alpine delete mode 100644 docker/armv6/Dockerfile.buildkit delete mode 100644 docker/armv6/Dockerfile.buildkit.alpine delete mode 100644 docker/armv7/Dockerfile delete mode 100644 docker/armv7/Dockerfile.alpine delete mode 100644 docker/armv7/Dockerfile.buildkit delete mode 100644 docker/armv7/Dockerfile.buildkit.alpine create mode 100644 docker/docker-bake.hcl delete mode 100644 hooks/README.md delete mode 100644 hooks/arches.sh delete mode 100755 hooks/build delete mode 100755 hooks/pre_build delete mode 100755 hooks/push diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9cb7143bb3..382194657a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -12,6 +12,7 @@ on: - "rustfmt.toml" - "diesel.toml" - "docker/Dockerfile.j2" + - "docker/DockerSettings.yaml" pull_request: paths: - ".github/workflows/build.yml" @@ -23,6 +24,7 @@ on: - "rustfmt.toml" - "diesel.toml" - "docker/Dockerfile.j2" + - "docker/DockerSettings.yaml" jobs: build: diff --git a/.github/workflows/hadolint.yml b/.github/workflows/hadolint.yml index 5446700c86..5c47566522 100644 --- a/.github/workflows/hadolint.yml +++ b/.github/workflows/hadolint.yml @@ -16,7 +16,6 @@ jobs: uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 # End Checkout the repo - # Download hadolint - https://github.com/hadolint/hadolint/releases - name: Download hadolint shell: bash @@ -30,5 +29,5 @@ jobs: # Test Dockerfiles - name: Run hadolint shell: bash - run: git ls-files --exclude='docker/*/Dockerfile*' --ignored --cached | xargs hadolint + run: hadolint docker/Dockerfile.{debian,alpine} # End Test Dockerfiles diff --git a/.hadolint.yaml b/.hadolint.yaml index e7387659d5..a4e08cd6e8 100644 --- a/.hadolint.yaml +++ b/.hadolint.yaml 
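Review bot: In `.github/workflows/hadolint.yml` (hunk `@@ -30,5 +29,5 @@`), the new `run: hadolint docker/Dockerfile.{debian,alpine}` lints a hard-coded pair of files, whereas the removed `git ls-files … | xargs hadolint` selected its inputs from the tracked files by pattern. A Dockerfile variant added under `docker/` later would go unlinted without any CI failure. Nothing visible in this workflow checks that the two rendered files still match `docker/Dockerfile.j2` and `docker/DockerSettings.yaml`, so a stale render could pass the lint. I would add a comment above the step, `# Keep in sync with the Dockerfiles rendered from docker/Dockerfile.j2; add new variants here`, and consider a CI step that re-renders the template and fails on a diff. The brace expansion depends on the `shell: bash` already set on this step, which is worth keeping explicit.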
@@ -1,10 +1,12 @@ ignored: + # To prevent issues and make clear some images only work on linux/amd64, we ignore this + - DL3029 # disable explicit version for apt install - DL3008 # disable explicit version for apk install - DL3018 - # disable check for consecutive `RUN` instructions - - DL3059 + # Ignore shellcheck info message + - SC1091 trustedRegistries: - docker.io - ghcr.io diff --git a/Cargo.lock b/Cargo.lock index ddeabdd9eb..d04b6a084d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -17,11 +17,22 @@ version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" +[[package]] +name = "ahash" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2c99f64d1e06488f620f932677e24bc6e2897582980441ae90a671415bd7ec2f" +dependencies = [ + "cfg-if", + "once_cell", + "version_check", +] + [[package]] name = "aho-corasick" -version = "1.0.5" +version = "1.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c378d78423fdad8089616f827526ee33c19f2fddbd5de1629152c9593ba4783" +checksum = "ea5d730647d4fadd988536d06fecce94b7b4f2a7efdae548f1cf4b63205518ab" dependencies = [ "memchr", ] @@ -41,6 +52,12 @@ dependencies = [ "alloc-no-stdlib", ] +[[package]] +name = "allocator-api2" +version = "0.2.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0942ffc6dcaadf03badf6e6a2d0228460359d5e34b57ccdc720b7382dfbd5ec5" + [[package]] name = "android-tzdata" version = "0.1.1" @@ -58,9 +75,9 @@ dependencies = [ [[package]] name = "argon2" -version = "0.5.1" +version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b2e554a8638bdc1e4eae9984845306cc95f8a9208ba8d49c3859fd958b46774d" +checksum = "17ba4cac0a46bc1d2912652a751c47f2a9f3a7fe89bcae2275d418f5270402f9" dependencies = [ "base64ct", "blake2", 
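Review bot: In `.hadolint.yaml`, adding `DL3029` and `SC1091` to the global `ignored:` list switches both checks off for every Dockerfile hadolint reads, although the added comment says only some images need the `--platform` exception. An inline `# hadolint ignore=DL3029` directly above the affected `FROM` lines (presumably in the `docker/Dockerfile.j2` template, since the Dockerfiles are rendered from it) would keep the rule active for any other `FROM --platform` introduced later. The `SC1091` comment, `# Ignore shellcheck info message`, does not say which sourced file ShellCheck cannot follow. A comment such as `# SC1091: RUN steps source <file>, which is not available at lint time` (file name to be filled in) would let a reader judge whether the suppression is still needed.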
@@ -81,9 +98,9 @@ dependencies = [ [[package]] name = "async-compression" -version = "0.4.2" +version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d495b6dc0184693324491a5ac05f559acc97bf937ab31d7a1c33dd0016be6d2b" +checksum = "bb42b2197bf15ccb092b62c74515dbd8b86d0effd934795f6687c93b6e679a2c" dependencies = [ "brotli", "flate2", @@ -95,14 +112,14 @@ dependencies = [ [[package]] name = "async-executor" -version = "1.5.1" +version = "1.5.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6fa3dc5f2a8564f07759c008b9109dc0d39de92a88d5588b8a5036d286383afb" +checksum = "2c1da3ae8dabd9c00f453a329dfe1fb28da3c0a72e2478cdcd93171740c20499" dependencies = [ "async-lock", "async-task", "concurrent-queue", - "fastrand 1.9.0", + "fastrand 2.0.1", "futures-lite", "slab", ] @@ -136,7 +153,7 @@ dependencies = [ "log", "parking", "polling", - "rustix 0.37.23", + "rustix 0.37.24", "slab", "socket2 0.4.9", "waker-fn", @@ -164,7 +181,7 @@ dependencies = [ "cfg-if", "event-listener", "futures-lite", - "rustix 0.37.23", + "rustix 0.37.24", "signal-hook", "windows-sys", ] @@ -215,14 +232,14 @@ checksum = "16e62a023e7c117e27523144c5d2459f4397fcc3cab0085af8e2224f643a0193" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.37", ] [[package]] name = "async-task" -version = "4.4.0" +version = "4.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ecc7ab41815b3c653ccd2978ec3255c81349336702dfdf62ee6f7069b12a3aae" +checksum = "b9441c6b2fe128a7c2bf680a44c34d0df31ce09e5b7e401fcca3faa483dbc921" [[package]] name = "async-trait" @@ -232,7 +249,7 @@ checksum = "bc00ceb34980c03614e35a3a4e218276a0a824e911d07651cd0d858a51e8c0f0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.37", ] [[package]] 
@@ -241,11 +258,20 @@ version = "0.5.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c59bdb34bc650a32731b31bd8f0829cc15d24a708ee31559e0bb34f2bc320cba" +[[package]] +name = "atomic" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8d818003e740b63afc82337e3160717f4f63078720a810b7b903e70a5d1d2994" +dependencies = [ + "bytemuck", +] + [[package]] name = "atomic-waker" -version = "1.1.1" +version = "1.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1181e1e0d1fce796a03db1ae795d67167da795f9cf4a39c37589e85ef57f26d3" +checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0" [[package]] name = "autocfg" @@ -276,9 +302,9 @@ checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8" [[package]] name = "base64" -version = "0.21.3" +version = "0.21.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "414dcefbc63d77c526a76b3afcf6fbb9b5e2791c19c3aa2297733208750c6e53" +checksum = "9ba43ea6f343b788c8764558649e08df62f86c6ef251fdaeb1ffd010a9ae50a2" [[package]] name = "base64ct" 
@@ -324,24 +350,25 @@ dependencies = [ [[package]] name = "blocking" -version = "1.3.1" +version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77231a1c8f801696fc0123ec6150ce92cffb8e164a02afb9c8ddee0e9b65ad65" +checksum = "94c4ef1f913d78636d78d538eec1f18de81e481f44b1be0a81060090530846e1" dependencies = [ "async-channel", "async-lock", "async-task", - "atomic-waker", - "fastrand 1.9.0", + "fastrand 2.0.1", + "futures-io", "futures-lite", - "log", + "piper", + "tracing", ] [[package]] name = "brotli" -version = "3.3.4" +version = "3.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a1a0b1dbcc8ae29329621f8d4f0d835787c1c38bb1401979b49d13b0b305ff68" +checksum = "516074a47ef4bce09577a3b379392300159ce5b1ba2e501ff1c819950066100f" dependencies = [ "alloc-no-stdlib", "alloc-stdlib", @@ -350,9 +377,9 @@ dependencies = [ [[package]] name = "brotli-decompressor" -version = "2.3.4" +version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4b6561fd3f895a11e8f72af2cb7d22e08366bebc2b6b57f7744c4bda27034744" +checksum = "da74e2b81409b1b743f8f0c62cc6254afefb8b8e50bbfe3735550f7aeefa3448" dependencies = [ "alloc-no-stdlib", "alloc-stdlib", @@ -360,9 +387,15 @@ dependencies = [ [[package]] name = "bumpalo" -version = "3.13.0" +version = "3.14.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f30e7476521f6f8af1a1c4c0b8cc94f0bee37d91763d0ca2665f299b6cd8aec" + +[[package]] +name = "bytemuck" +version = "1.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a3e2c3daef883ecc1b5d58c15adae93470a91d425f3532ba1695849656af3fc1" +checksum = "374d28ec25809ee0e23827c2ab573d729e293f281dfe393500e7ad618baa61c6" [[package]] name = "byteorder" 
@@ -372,21 +405,22 @@ checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" [[package]] name = "bytes" -version = "1.4.0" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "89b2fd2a0dcf38d7971e2194b6b6eebab45ae01067456a7fd93d5547a61b70be" +checksum = "a2bd12c1caf447e69cd4528f47f94d203fd2582878ecb9e9465484c4148a8223" [[package]] name = "cached" -version = "0.44.0" +version = "0.46.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b195e4fbc4b6862bbd065b991a34750399c119797efff72492f28a5864de8700" +checksum = "8cead8ece0da6b744b2ad8ef9c58a4cdc7ef2921e60a6ddfb9eaaa86839b5fc5" dependencies = [ + "ahash", "async-trait", "cached_proc_macro", "cached_proc_macro_types", "futures", - "hashbrown 0.13.2", + "hashbrown 0.14.1", "instant", "once_cell", "thiserror", @@ -395,11 +429,10 @@ dependencies = [ [[package]] name = "cached_proc_macro" -version = "0.17.0" +version = "0.18.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b48814962d2fd604c50d2b9433c2a41a0ab567779ee2c02f7fba6eca1221f082" +checksum = "7da8245dd5f576a41c3b76247b54c15b0e43139ceeb4f732033e15be7c005176" dependencies = [ - "cached_proc_macro_types", "darling", "proc-macro2", "quote", @@ -429,9 +462,9 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "chrono" -version = "0.4.28" +version = "0.4.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "95ed24df0632f708f5f6d8082675bef2596f7084dee3dd55f632290bf35bfe0f" +checksum = "7f2c685bad3eb3d45a01354cedb7d5faa66194d1d58ba6e267a8de788f79db38" dependencies = [ "android-tzdata", "iana-time-zone", 
@@ -464,9 +497,9 @@ dependencies = [ [[package]] name = "concurrent-queue" -version = "2.2.0" +version = "2.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "62ec6771ecfa0762d24683ee5a32ad78487a3d3afdc0fb8cae19d2c5deb50b7c" +checksum = "f057a694a54f12365049b0958a1685bb52d567f5593b355fbf685838e873d400" dependencies = [ "crossbeam-utils", ] @@ -633,7 +666,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "978747c1d849a7d2ee5e8adc0159961c48fb7e5db2f06af6723b80123bb53856" dependencies = [ "cfg-if", - "hashbrown 0.14.0", + "hashbrown 0.14.1", "lock_api", "once_cell", "parking_lot_core", @@ -687,14 +720,14 @@ dependencies = [ "proc-macro2", "proc-macro2-diagnostics", "quote", - "syn 2.0.29", + "syn 2.0.37", ] [[package]] name = "diesel" -version = "2.1.1" +version = "2.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d98235fdc2f355d330a8244184ab6b4b33c28679c0b4158f63138e51d6cf7e88" +checksum = "53c8a2cb22327206568569e5a45bb5a2c946455efdd76e24d15b7e82171af95e" dependencies = [ "bitflags 2.4.0", "byteorder", @@ -712,14 +745,14 @@ dependencies = [ [[package]] name = "diesel_derives" -version = "2.1.1" +version = "2.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e054665eaf6d97d1e7125512bb2d35d07c73ac86cc6920174cb42d1ab697a554" +checksum = "ef8337737574f55a468005a83499da720f20c65586241ffea339db9ecdfd2b44" dependencies = [ "diesel_table_macro_syntax", "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.37", ] [[package]] @@ -749,7 +782,7 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fc5557efc453706fed5e4fa85006fe9817c224c3f480a34c7e5959fd700921c5" dependencies = [ - "syn 2.0.29", + "syn 2.0.37", ] [[package]] 
@@ -781,7 +814,7 @@ version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dbfb21b9878cf7a348dcb8559109aabc0ec40d69924bd706fa5149846c4fef75" dependencies = [ - "base64 0.21.3", + "base64 0.21.4", "memchr", ] @@ -805,14 +838,14 @@ dependencies = [ [[package]] name = "enum-as-inner" -version = "0.5.1" +version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c9720bba047d567ffc8a3cba48bf19126600e249ab7f128e9233e6376976a116" +checksum = "5ffccbb6966c05b32ef8fbac435df276c4ae4d3dc55a8cd0eb9745e6c12f546a" dependencies = [ "heck", "proc-macro2", "quote", - "syn 1.0.109", + "syn 2.0.37", ] [[package]] @@ -823,9 +856,9 @@ checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" [[package]] name = "errno" -version = "0.3.3" +version = "0.3.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "136526188508e25c6fef639d7927dfb3e0e3084488bf202267829cf7fc23dbdd" +checksum = "add4f07d43996f76ef320709726a556a9d4f965d9410d8d0271132d2f8293480" dependencies = [ "errno-dragonfly", "libc", @@ -868,9 +901,9 @@ dependencies = [ [[package]] name = "fastrand" -version = "2.0.0" +version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6999dc1837253364c2ebb0704ba97994bd874e8f195d665c50b7548f6ea92764" +checksum = "25cbce373ec4653f1a01a31e8a5e5ec0c622dc27ff9c4e6606eefef5cbbed4a5" [[package]] name = "fern" @@ -886,14 +919,14 @@ dependencies = [ [[package]] name = "figment" -version = "0.10.10" +version = "0.10.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4547e226f4c9ab860571e070a9034192b3175580ecea38da34fcdb53a018c9a5" +checksum = "a014ac935975a70ad13a3bff2463b1c1b083b35ae4cb6309cfc59476aa7a181f" dependencies = [ - "atomic", + "atomic 0.6.0", "pear", "serde", - "toml", + "toml 0.8.2", "uncased", "version_check", ] 
@@ -1009,7 +1042,7 @@ checksum = "89ca545a94061b6365f2c7355b4b32bd20df3ff95f02da9329b34ccc3bd6ee72" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.37", ] [[package]] @@ -1151,9 +1184,9 @@ checksum = "eabb4a44450da02c90444cf74558da904edde8fb4e9035a9a6a4e15445af0bd7" [[package]] name = "handlebars" -version = "4.3.7" +version = "4.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "83c3372087601b532857d332f5957cbae686da52bb7810bf038c3e3c3cc2fa0d" +checksum = "c39b3bc2a8f715298032cf5087e58573809374b08160aa7d750582bdb82d2683" dependencies = [ "log", "pest", @@ -1172,15 +1205,13 @@ checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" [[package]] name = "hashbrown" -version = "0.13.2" +version = "0.14.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "43a3c133739dddd0d2990f9a4bdf8eb4b21ef50e4851ca85ab661199821d510e" - -[[package]] -name = "hashbrown" -version = "0.14.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2c6201b9ff9fd90a5a3bac2e56a830d0caa509576f0e503818ee82c181b3437a" +checksum = "7dfda62a12f55daeae5015f81b0baea145391cb4520f86c248fc615d72640d12" +dependencies = [ + "ahash", + "allocator-api2", +] [[package]] name = "heck" @@ -1190,9 +1221,9 @@ checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8" [[package]] name = "hermit-abi" -version = "0.3.2" +version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "443144c8cdadd93ebf52ddb4056d257f5b52c04d3c804e657d19eb73fc33668b" +checksum = "d77f7ec81a6d05a3abb01ab6eb7590f6083d08449fe5a1c8b1e620283546ccb7" [[package]] name = "hmac" 
@@ -1203,6 +1234,15 @@ dependencies = [ "digest", ] +[[package]] +name = "home" +version = "0.5.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5444c27eef6923071f7ebcc33e3444508466a76f7a2b93da00ed6e19f30c1ddb" +dependencies = [ + "windows-sys", +] + [[package]] name = "hostname" version = "0.3.1" @@ -1367,12 +1407,12 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.0.0" +version = "2.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d5477fe2230a79769d8dc68e0eabf5437907c0457a5614a9e8dddb67f65eb65d" +checksum = "8adf3ddd720272c6ea8bf59463c04e0f93d0bbf7c5439b691bca2987e0270897" dependencies = [ "equivalent", - "hashbrown 0.14.0", + "hashbrown 0.14.1", ] [[package]] @@ -1407,7 +1447,7 @@ version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b58db92f96b720de98181bbbe63c831e87005ab460c1bf306eb2622b4707997f" dependencies = [ - "socket2 0.5.3", + "socket2 0.5.4", "widestring", "windows-sys", "winreg", @@ -1426,7 +1466,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cb0889898416213fab133e1d33a0e5858a48177452750691bde3666d0fdbaf8b" dependencies = [ "hermit-abi", - "rustix 0.38.11", + "rustix 0.38.17", "windows-sys", ] @@ -1468,7 +1508,7 @@ version = "8.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6971da4d9c3aa03c3d8f3ff0f4155b534aad021292003895a469716b2a230378" dependencies = [ - "base64 0.21.3", + "base64 0.21.4", "pem", "ring", "serde", @@ -1499,7 +1539,7 @@ checksum = "76bd09637ae3ec7bd605b8e135e757980b3968430ff2b1a4a94fb7769e50166d" dependencies = [ "async-std", "async-trait", - "base64 0.21.3", + "base64 0.21.4", "email-encoding", "email_address", "fastrand 1.9.0", 
@@ -1522,15 +1562,15 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.147" +version = "0.2.148" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b4668fb0ea861c1df094127ac5f1da3409a82116a4ba74fca2e58ef927159bb3" +checksum = "9cdc71e17332e86d2e1d38c1f99edcb6288ee11b815fb1a4b049eaa2114d369b" [[package]] name = "libmimalloc-sys" -version = "0.1.34" +version = "0.1.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25d058a81af0d1c22d7a1c948576bee6d673f7af3c0f35564abd6c81122f513d" +checksum = "3979b5c37ece694f1f5e51e7ecc871fdb0f517ed04ee45f88d15d6d553cb9664" dependencies = [ "cc", "libc", @@ -1561,9 +1601,9 @@ checksum = "ef53942eb7bf7ff43a617b3e2c1c4a5ecf5944a7c1bc12d7ee39bbb15e5c1519" [[package]] name = "linux-raw-sys" -version = "0.4.5" +version = "0.4.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "57bcfdad1b858c2db7c38303a6d2ad4dfaf5eb53dfeb0910128b2c26d6158503" +checksum = "3852614a3bd9ca9804678ba6be5e3b8ce76dfc902cae004e3e0c44051b6e88db" [[package]] name = "lock_api" @@ -1640,9 +1680,9 @@ checksum = "2532096657941c2fea9c289d370a250971c689d4f143798ff67113ec042024a5" [[package]] name = "memchr" -version = "2.6.2" +version = "2.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5486aed0026218e61b8a01d5fbd5a0a134649abb71a0e53b7bc088529dced86e" +checksum = "f665ee40bc4a3c5590afb1e9677db74a508659dfd71e126420da8274909a0167" [[package]] name = "migrations_internals" @@ -1651,7 +1691,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0f23f71580015254b020e856feac3df5878c2c7a8812297edd6c0a485ac9dada" dependencies = [ "serde", - "toml", + "toml 0.7.8", ] [[package]] 
@@ -1667,9 +1707,9 @@ dependencies = [ [[package]] name = "mimalloc" -version = "0.1.38" +version = "0.1.39" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "972e5f23f6716f62665760b0f4cbf592576a80c7b879ba9beaafc0e558894127" +checksum = "fa01922b5ea280a911e323e4d2fd24b7fe5cc4042e0d2cda3c40775cdc4bdc9c" dependencies = [ "libmimalloc-sys", ] @@ -1805,7 +1845,7 @@ checksum = "9e6a0fd4f737c707bd9086cc16c925f294943eb62eb71499e9fd4cf71f8b9f4e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.37", ] [[package]] @@ -1848,9 +1888,9 @@ dependencies = [ [[package]] name = "object" -version = "0.32.0" +version = "0.32.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77ac5bbd07aea88c60a577a1ce218075ffd59208b2d7ca97adf9bfc5aeb21ebe" +checksum = "9cf5f9dd3933bd50a9e1f149ec995f39ae2c496d31fd772c1fd45ebc27e902b0" dependencies = [ "memchr", ] @@ -1884,7 +1924,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.37", ] [[package]] @@ -1895,9 +1935,9 @@ checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" [[package]] name = "openssl-src" -version = "111.27.0+1.1.1v" +version = "111.28.0+1.1.1w" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "06e8f197c82d7511c5b014030c9b1efeda40d7d5f99d23b4ceed3524a5e63f02" +checksum = "3ce95ee1f6f999dfb95b8afd43ebe442758ea2104d1ccb99a94c30db22ae701f" dependencies = [ "cc", ] @@ -1923,9 +1963,9 @@ checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39" [[package]] name = "parking" -version = "2.1.0" +version = "2.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "14f2252c834a40ed9bb5422029649578e63aa341ac401f74e719dd1afda8394e" +checksum = "e52c774a4c39359c1d1c52e43f73dd91a75a614652c825408eec30c95a9b2067" [[package]] name = "parking_lot" 
@@ -1996,7 +2036,7 @@ dependencies = [ "proc-macro2", "proc-macro2-diagnostics", "quote", - "syn 2.0.29", + "syn 2.0.37", ] [[package]] @@ -2016,9 +2056,9 @@ checksum = "9b2a4787296e9989611394c33f193f676704af1686e70b8f8033ab5ba9a35a94" [[package]] name = "pest" -version = "2.7.3" +version = "2.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d7a4d085fd991ac8d5b05a147b437791b4260b76326baf0fc60cf7c9c27ecd33" +checksum = "c022f1e7b65d6a24c0dbbd5fb344c66881bc01f3e5ae74a1c8100f2f985d98a4" dependencies = [ "memchr", "thiserror", @@ -2027,9 +2067,9 @@ dependencies = [ [[package]] name = "pest_derive" -version = "2.7.3" +version = "2.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a2bee7be22ce7918f641a33f08e3f43388c7656772244e2bbb2477f44cc9021a" +checksum = "35513f630d46400a977c4cb58f78e1bfbe01434316e60c37d27b9ad6139c66d8" dependencies = [ "pest", "pest_generator", @@ -2037,22 +2077,22 @@ dependencies = [ [[package]] name = "pest_generator" -version = "2.7.3" +version = "2.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d1511785c5e98d79a05e8a6bc34b4ac2168a0e3e92161862030ad84daa223141" +checksum = "bc9fc1b9e7057baba189b5c626e2d6f40681ae5b6eb064dc7c7834101ec8123a" dependencies = [ "pest", "pest_meta", "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.37", ] [[package]] name = "pest_meta" -version = "2.7.3" +version = "2.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b42f0394d3123e33353ca5e1e89092e533d2cc490389f2bd6131c43c634ebc5f" +checksum = "1df74e9e7ec4053ceb980e7c0c8bd3594e977fde1af91daba9c928e8e8c6708d" dependencies = [ "once_cell", "pest", 
@@ -2115,6 +2155,17 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" +[[package]] +name = "piper" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "668d31b1c4eba19242f2088b2bf3316b82ca31082a8335764db4e083db7485d4" +dependencies = [ + "atomic-waker", + "fastrand 2.0.1", + "futures-io", +] + [[package]] name = "pkg-config" version = "0.3.27" @@ -2154,9 +2205,9 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.66" +version = "1.0.67" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "18fb31db3f9bddb2ea821cde30a9f70117e3f119938b5ee630b7403aa6e2ead9" +checksum = "3d433d9f1a3e8c1263d9456598b16fec66f4acc9a74dacffd35c7bb09b3a1328" dependencies = [ "unicode-ident", ] @@ -2169,7 +2220,7 @@ checksum = "af066a9c399a26e020ada66a034357a868728e72cd426f3adcd35f80d88d88c8" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.37", "version_check", "yansi 1.0.0-rc.1", ] @@ -2303,18 +2354,18 @@ checksum = "7f7473c2cfcf90008193dd0e3e16599455cb601a9fce322b5bb55de799664925" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.37", ] [[package]] name = "regex" -version = "1.9.4" +version = "1.9.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "12de2eff854e5fa4b1295edd650e227e9d8fb0c9e90b12e7f36d6a6811791a29" +checksum = "ebee201405406dbf528b8b672104ae6d6d63e6d118cb10e4d51abbc7b58044ff" dependencies = [ "aho-corasick", "memchr", - "regex-automata 0.3.7", + "regex-automata 0.3.9", "regex-syntax 0.7.5", ] 
@@ -2329,9 +2380,9 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.3.7" +version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49530408a136e16e5b486e883fbb6ba058e8e4e8ae6621a77b048b314336e629" +checksum = "59b23e92ee4318893fa3fe3e6fb365258efbfe6ac6ab30f090cdcbb7aa37efa9" dependencies = [ "aho-corasick", "memchr", @@ -2363,12 +2414,12 @@ dependencies = [ [[package]] name = "reqwest" -version = "0.11.20" +version = "0.11.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3e9ad3fe7488d7e34558a2033d45a0c90b72d97b4f80705666fea71472e2e6a1" +checksum = "046cd98826c46c2ac8ddecae268eb5c2e58628688a5fc7a2643704a73faba95b" dependencies = [ "async-compression", - "base64 0.21.3", + "base64 0.21.4", "bytes", "cookie 0.16.2", "cookie_store 0.16.2", @@ -2391,6 +2442,7 @@ dependencies = [ "serde", "serde_json", "serde_urlencoded", + "system-configuration", "tokio", "tokio-native-tls", "tokio-socks", @@ -2458,7 +2510,7 @@ source = "git+https://github.com/SergioBenitez/Rocket?rev=ce441b5f46fdf5cd99cb32 dependencies = [ "async-stream", "async-trait", - "atomic", + "atomic 0.5.3", "binascii", "bytes", "either", @@ -2500,7 +2552,7 @@ dependencies = [ "proc-macro2", "quote", "rocket_http", - "syn 2.0.29", + "syn 2.0.37", "unicode-xid", ] @@ -2571,9 +2623,9 @@ checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76" [[package]] name = "rustix" -version = "0.37.23" +version = "0.37.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4d69718bf81c6127a49dc64e44a742e8bb9213c0ff8869a22c308f84c1d4ab06" +checksum = "4279d76516df406a8bd37e7dff53fd37d1a093f997a3c34a5c21658c126db06d" dependencies = [ "bitflags 1.3.2", "errno", 
@@ -2585,14 +2637,14 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.11" +version = "0.38.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c0c3dde1fc030af041adc40e79c0e7fbcf431dd24870053d187d7c66e4b87453" +checksum = "f25469e9ae0f3d0047ca8b93fc56843f38e6774f0914a107ff8b41be8be8e0b7" dependencies = [ "bitflags 2.4.0", "errno", "libc", - "linux-raw-sys 0.4.5", + "linux-raw-sys 0.4.8", "windows-sys", ] @@ -2614,14 +2666,14 @@ version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2d3987094b1d07b653b7dfdc3f70ce9a1da9c51ac18c1b06b662e4f9a0e9f4b2" dependencies = [ - "base64 0.21.3", + "base64 0.21.4", ] [[package]] name = "rustls-webpki" -version = "0.101.4" +version = "0.101.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7d93931baf2d282fff8d3a532bbfd7653f734643161b87e3e01e59a04439bf0d" +checksum = "3c7d5dece342910d9ba34d259310cae3e0154b873b35408b787b59bce53d34fe" dependencies = [ "ring", "untrusted", @@ -2713,9 +2765,9 @@ dependencies = [ [[package]] name = "semver" -version = "1.0.18" +version = "1.0.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b0293b4b29daaf487284529cc2f5675b8e57c61f70167ba415a463651fd6a918" +checksum = "ad977052201c6de01a8ef2aa3378c4bd23217a056337d1d6da40468d267a4fb0" [[package]] name = "serde" @@ -2744,14 +2796,14 @@ checksum = "4eca7ac642d82aa35b60049a6eccb4be6be75e599bd2e9adb5f875a737654af2" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.37", ] [[package]] name = "serde_json" -version = "1.0.105" +version = "1.0.107" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "693151e1ac27563d6dbcec9dee9fbd5da8539b20fa14ad3752b2e6d363ace360" +checksum = "6b420ce6e3d8bd882e9b243c6eed35dbc9a6110c9769e74b584e0d68d1f20c65" dependencies = [ "itoa", "ryu", 
@@ -2792,9 +2844,9 @@ dependencies = [ [[package]] name = "sha1" -version = "0.10.5" +version = "0.10.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f04293dc80c3993519f2d7f6f511707ee7094fe0c6d3406feb330cdb3540eba3" +checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba" dependencies = [ "cfg-if", "cpufeatures", @@ -2803,9 +2855,9 @@ dependencies = [ [[package]] name = "sha2" -version = "0.10.7" +version = "0.10.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "479fb9d862239e610720565ca91403019f2f00410f1864c5aa7479b950a76ed8" +checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8" dependencies = [ "cfg-if", "cpufeatures", @@ -2814,9 +2866,9 @@ dependencies = [ [[package]] name = "sharded-slab" -version = "0.1.4" +version = "0.1.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "900fba806f70c630b0a382d0d825e17a0f19fcd059a2ade1ff237bcddf446b31" +checksum = "f40ca3c46823713e0d4209592e8d6e826aa57e928f09752619fc696c499637f6" dependencies = [ "lazy_static", ] @@ -2869,9 +2921,9 @@ dependencies = [ [[package]] name = "smallvec" -version = "1.11.0" +version = "1.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "62bb4feee49fdd9f707ef802e22365a35de4b7b299de4763d44bfea899442ff9" +checksum = "942b4a808e05215192e39f4ab80813e599068285906cc91aa64f923db842bd5a" [[package]] name = "socket2" @@ -2885,9 +2937,9 @@ dependencies = [ [[package]] name = "socket2" -version = "0.5.3" +version = "0.5.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2538b18701741680e0322a2302176d3253a35388e2e62f172f64f4f16605f877" +checksum = "4031e820eb552adee9295814c0ced9e5cf38ddf1e8b7d566d6de8e2538ea989e" dependencies = [ "libc", "windows-sys", 
@@ -2948,9 +3000,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.29" +version = "2.0.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c324c494eba9d92503e6f1ef2e6df781e78f6a7705a0202d9801b198807d518a" +checksum = "7303ef2c05cd654186cb250d29049a24840ca25d2747c25c0381c8d9e2f582e8" dependencies = [ "proc-macro2", "quote", @@ -2970,6 +3022,27 @@ dependencies = [ "time", ] +[[package]] +name = "system-configuration" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba3a3adc5c275d719af8cb4272ea1c4a6d668a777f37e115f6d11ddbc1c8e0e7" +dependencies = [ + "bitflags 1.3.2", + "core-foundation", + "system-configuration-sys", +] + +[[package]] +name = "system-configuration-sys" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a75fb188eb626b924683e3b95e3a48e63551fcfb51949de2f06a9d91dbee93c9" +dependencies = [ + "core-foundation-sys", + "libc", +] + [[package]] name = "tempfile" version = "3.8.0" 
@@ -2977,30 +3050,30 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cb94d2f3cc536af71caac6b6fcebf65860b347e7ce0cc9ebe8f70d3e521054ef" dependencies = [ "cfg-if", - "fastrand 2.0.0", + "fastrand 2.0.1", "redox_syscall", - "rustix 0.38.11", + "rustix 0.38.17", "windows-sys", ] [[package]] name = "thiserror" -version = "1.0.47" +version = "1.0.49" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97a802ec30afc17eee47b2855fc72e0c4cd62be9b4efe6591edde0ec5bd68d8f" +checksum = "1177e8c6d7ede7afde3585fd2513e611227efd6481bd78d2e82ba1ce16557ed4" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.47" +version = "1.0.49" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6bb623b56e39ab7dcd4b1b98bb6c8f8d907ed255b18de254088016b27a8ee19b" +checksum = "10712f02019e9288794769fba95cd6847df9874d49d871d062172f9dd41bc4cc" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.37", ] [[package]] @@ -3024,9 +3097,9 @@ dependencies = [ [[package]] name = "time" -version = "0.3.28" +version = "0.3.29" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "17f6bb557fd245c28e6411aa56b6403c689ad95061f50e4be16c274e70a17e48" +checksum = "426f806f4089c493dcac0d24c29c01e2c38baf8e30f1b716ee37e83d200b18fe" dependencies = [ "deranged", "itoa", 
@@ -3039,15 +3112,15 @@ dependencies = [ [[package]] name = "time-core" -version = "0.1.1" +version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7300fbefb4dadc1af235a9cef3737cea692a9d97e1b9cbcd4ebdae6f8868e6fb" +checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3" [[package]] name = "time-macros" -version = "0.2.14" +version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1a942f44339478ef67935ab2bbaec2fb0322496cf3cbe84b261e06ac3814c572" +checksum = "4ad70d68dba9e1f8aceda7aa6711965dfec1cac869f311a51bd08b3a2ccbce20" dependencies = [ "time-core", ] @@ -3081,7 +3154,7 @@ dependencies = [ "parking_lot", "pin-project-lite", "signal-hook-registry", - "socket2 0.5.3", + "socket2 0.5.4", "tokio-macros", "windows-sys", ] @@ -3094,7 +3167,7 @@ checksum = "630bdcf245f78637c13ec01ffae6187cca34625e8c63150d424b59e55af2675e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.37", ] [[package]] @@ -3154,9 +3227,9 @@ dependencies = [ [[package]] name = "tokio-util" -version = "0.7.8" +version = "0.7.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "806fe8c2c87eccc8b3267cbae29ed3ab2d0bd37fca70ab622e46aaa9375ddb7d" +checksum = "1d68074620f57a0b21594d9735eb2e98ab38b17f80d3fcb189fca266771ca60d" dependencies = [ "bytes", "futures-core", 
@@ -3168,14 +3241,26 @@ dependencies = [ [[package]] name = "toml" -version = "0.7.6" +version = "0.7.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dd79e69d3b627db300ff956027cc6c3798cef26d22526befdfcd12feeb6d2257" +dependencies = [ + "serde", + "serde_spanned", + "toml_datetime", + "toml_edit 0.19.15", +] + +[[package]] +name = "toml" +version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c17e963a819c331dcacd7ab957d80bc2b9a9c1e71c804826d2f283dd65306542" +checksum = "185d8ab0dfbb35cf1399a6344d8484209c088f75f8f68230da55d48d95d43e3d" dependencies = [ "serde", "serde_spanned", "toml_datetime", - "toml_edit", + "toml_edit 0.20.2", ] [[package]] @@ -3189,11 +3274,24 @@ dependencies = [ [[package]] name = "toml_edit" -version = "0.19.14" +version = "0.19.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1b5bb770da30e5cbfde35a2d7b9b8a2c4b8ef89548a7a6aeab5c9a576e3e7421" +dependencies = [ + "indexmap 2.0.2", + "serde", + "serde_spanned", + "toml_datetime", + "winnow", +] + +[[package]] +name = "toml_edit" +version = "0.20.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8123f27e969974a3dfba720fdb560be359f57b44302d280ba72e76a74480e8a" +checksum = "396e4d48bbb2b7554c944bde63101b5ae446cff6ec4a24227428f15eb72ef338" dependencies = [ - "indexmap 2.0.0", + "indexmap 2.0.2", "serde", "serde_spanned", "toml_datetime", @@ -3239,7 +3337,7 @@ checksum = "5f4f31f56159e98206da9efd823404b79b6ef3143b4a7ab76e67b1751b25a4ab" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.37", ] [[package]] 
@@ -3283,9 +3381,9 @@ dependencies = [ [[package]] name = "trust-dns-proto" -version = "0.22.0" +version = "0.23.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4f7f83d1e4a0e4358ac54c5c3681e5d7da5efc5a7a632c90bb6d6669ddd9bc26" +checksum = "0dc775440033cb114085f6f2437682b194fa7546466024b1037e82a48a052a69" dependencies = [ "async-trait", "cfg-if", @@ -3294,9 +3392,9 @@ dependencies = [ "futures-channel", "futures-io", "futures-util", - "idna 0.2.3", + "idna 0.4.0", "ipnet", - "lazy_static", + "once_cell", "rand", "smallvec", "thiserror", @@ -3308,16 +3406,17 @@ dependencies = [ [[package]] name = "trust-dns-resolver" -version = "0.22.0" +version = "0.23.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aff21aa4dcefb0a1afbfac26deb0adc93888c7d295fb63ab273ef276ba2b7cfe" +checksum = "2dff7aed33ef3e8bf2c9966fccdfed93f93d46f432282ea875cd66faabc6ef2f" dependencies = [ "cfg-if", "futures-util", "ipconfig", - "lazy_static", "lru-cache", + "once_cell", "parking_lot", + "rand", "resolv-conf", "smallvec", "thiserror", @@ -3353,15 +3452,15 @@ dependencies = [ [[package]] name = "typenum" -version = "1.16.0" +version = "1.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "497961ef93d974e23eb6f433eb5fe1b7930b659f06d12dec6fc44a8f554c0bba" +checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" [[package]] name = "ubyte" -version = "0.10.3" +version = "0.10.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c81f0dae7d286ad0d9366d7679a77934cfc3cf3a8d67e82669794412b2368fe6" +checksum = "f720def6ce1ee2fc44d40ac9ed6d3a59c361c80a75a7aa8e75bb9baed31cf2ea" dependencies = [ "serde", ] 
@@ -3390,9 +3489,9 @@ checksum = "92888ba5573ff080736b3648696b70cafad7d250551175acbaa4e0385b3e1460" [[package]] name = "unicode-ident" -version = "1.0.11" +version = "1.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "301abaae475aa91687eb82514b328ab47a211a533026cb25fc3e519b86adfc3c" +checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" [[package]] name = "unicode-normalization" @@ -3488,6 +3587,7 @@ dependencies = [ "num-traits", "once_cell", "openssl", + "openssl-sys", "paste", "percent-encoding", "pico-args", @@ -3529,15 +3629,15 @@ checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" [[package]] name = "waker-fn" -version = "1.1.0" +version = "1.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9d5b2c62b4012a3e1eca5a7e077d13b3bf498c4073e33ccd58626607748ceeca" +checksum = "f3c4517f54858c779bbcbf228f4fca63d121bf85fbecb2dc578cdf4a39395690" [[package]] name = "walkdir" -version = "2.3.3" +version = "2.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "36df944cda56c7d8d8b7496af378e6b16de9284591917d307c9b4d313c44e698" +checksum = "d71d857dc86794ca4c280d616f7da00d2dbfd8cd788846559a6813e6aa4b54ee" dependencies = [ "same-file", "winapi-util", @@ -3579,7 +3679,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.37", "wasm-bindgen-shared", ] @@ -3613,7 +3713,7 @@ checksum = "54681b18a46765f095758388f2d0cf16eb8d4169b639ab575a8f5693af210c7b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.37", "wasm-bindgen-backend", "wasm-bindgen-shared", ] 
@@ -3668,13 +3768,14 @@ dependencies = [ [[package]] name = "which" -version = "4.4.0" +version = "4.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2441c784c52b289a054b7201fc93253e288f094e2f4be9058343127c4226a269" +checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7" dependencies = [ "either", - "libc", + "home", "once_cell", + "rustix 0.38.17", ] [[package]] @@ -3701,9 +3802,9 @@ checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" [[package]] name = "winapi-util" -version = "0.1.5" +version = "0.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178" +checksum = "f29e6f9198ba0d26b4c9f07dbe6f9ed633e1f3d5b8b414090084349e46a52596" dependencies = [ "winapi", ] diff --git a/Cargo.toml b/Cargo.toml index ee3e789cee..55d36fc29b 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -72,10 +72,10 @@ tokio = { version = "1.32.0", features = ["rt-multi-thread", "fs", "io-util", "p # A generic serialization/deserialization framework serde = { version = "1.0.188", features = ["derive"] } -serde_json = "1.0.105" +serde_json = "1.0.107" # A safe, extensible ORM and Query builder -diesel = { version = "2.1.1", features = ["chrono", "r2d2"] } +diesel = { version = "2.1.2", features = ["chrono", "r2d2"] } diesel_migrations = "2.1.0" diesel_logger = { version = "0.3.0", optional = true } @@ -90,9 +90,9 @@ ring = "0.16.20" uuid = { version = "1.4.1", features = ["v4"] } # Date and time libraries -chrono = { version = "0.4.28", features = ["clock", "serde"], default-features = false } +chrono = { version = "0.4.31", features = ["clock", "serde"], default-features = false } chrono-tz = "0.8.3" -time = "0.3.28" +time = "0.3.29" # Job scheduler job_scheduler_ng = "2.0.4" 
@@ -121,19 +121,19 @@ percent-encoding = "2.3.0" # URL encoding library used for URL's in the emails email_address = "0.2.4" # HTML Template library -handlebars = { version = "4.3.7", features = ["dir_source"] } +handlebars = { version = "4.4.0", features = ["dir_source"] } # HTTP client (Used for favicons, version check, DUO and HIBP API) -reqwest = { version = "0.11.20", features = ["stream", "json", "deflate", "gzip", "brotli", "socks", "cookies", "trust-dns", "native-tls-alpn"] } +reqwest = { version = "0.11.22", features = ["stream", "json", "deflate", "gzip", "brotli", "socks", "cookies", "trust-dns", "native-tls-alpn"] } # Favicon extraction libraries html5gum = "0.5.7" -regex = { version = "1.9.4", features = ["std", "perf", "unicode-perl"], default-features = false } +regex = { version = "1.9.6", features = ["std", "perf", "unicode-perl"], default-features = false } data-url = "0.3.0" -bytes = "1.4.0" +bytes = "1.5.0" # Cache function results (Used for version check and favicon fetching) -cached = "0.44.0" +cached = { version = "0.46.0", features = ["async"] } # Used for custom short lived cookie jar during favicon extraction cookie = "0.16.2" 
@@ -150,34 +150,41 @@ paste = "1.0.14" governor = "0.6.0" # Check client versions for specific features. -semver = "1.0.18" +semver = "1.0.19" # Allow overriding the default memory allocator # Mainly used for the musl builds, since the default musl malloc is very slow -mimalloc = { version = "0.1.38", features = ["secure"], default-features = false, optional = true } -which = "4.4.0" +mimalloc = { version = "0.1.39", features = ["secure"], default-features = false, optional = true } +which = "4.4.2" # Argon2 library with support for the PHC format -argon2 = "0.5.1" +argon2 = "0.5.2" # Reading a password from the cli for generating the Argon2id ADMIN_TOKEN rpassword = "7.2.0" +# Set openssl-sys fixed to v0.9.92 to prevent building issues with musl, arm and 32bit pointer width +# It will force add a dynamically linked library which prevents the build from being static +openssl-sys = "=0.9.92" + + [patch.crates-io] rocket = { git = 'https://github.com/SergioBenitez/Rocket', rev = 'ce441b5f46fdf5cd99cb32b8b8638835e4c2a5fa' } # v0.5 branch # rocket_ws = { git = 'https://github.com/SergioBenitez/Rocket', rev = 'ce441b5f46fdf5cd99cb32b8b8638835e4c2a5fa' } # v0.5 branch + # Strip debuginfo from the release builds # Also enable thin LTO for some optimizations [profile.release] strip = "debuginfo" lto = "thin" -# Always build argon2 using opt-level 3 -# This is a huge speed improvement during testing -[profile.dev.package.argon2] -opt-level = 3 # A little bit of a speedup [profile.dev] split-debuginfo = "unpacked" + +# Always build argon2 using opt-level 3 +# This is a huge speed improvement during testing +[profile.dev.package.argon2] +opt-level = 3 diff --git a/docker/DockerSettings.yaml b/docker/DockerSettings.yaml new file mode 100644 index 0000000000..b0be283f74 --- /dev/null +++ b/docker/DockerSettings.yaml 
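Review bot: The exact pin `openssl-sys = "=0.9.92"` added after `rpassword` has no removal condition, so `cargo update` will leave the crate frozen and later openssl-sys releases, including any that carry fixes, will not be picked up until someone edits this line by hand. The second comment line is also ambiguous: "It will force add a dynamically linked library" reads as if the pin itself causes the dynamic link, whereas presumably the newer releases do. I would reword it to `# Pinned to v0.9.92: newer openssl-sys releases pull in a dynamically linked library, which breaks the static musl, arm and 32-bit builds.` and follow it with `# TODO: drop the pin once <upstream issue link> is resolved.` so the reason and the exit path are both recorded. The matching `openssl-sys` entry in the Cargo.lock dependency list is consistent with this change.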
@@ -0,0 +1,25 @@
+---
+vault_version: "v2023.8.2"
+vault_image_digest: "sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252" # v2023.8.2
+rust_version: 1.72.1 # Rust version to be used
+debian_version: bookworm # Debian release name to be used
+alpine_version: 3.18 # Alpine version to be used
+# For which platforms/architectures will we try to build images
+platforms: ["linux/amd64", "linux/arm64", "linux/arm/v7", "linux/arm/v6"]
+# Determine the build images per OS/Arch
+build_stage_image:
+ debian:
+ image: "docker.io/library/rust:{{rust_version}}-slim-{{debian_version}}"
+ platform: "$BUILDPLATFORM"
+ alpine:
+ image: "build_${TARGETARCH}${TARGETVARIANT}"
+ platform: "linux/amd64" # The Alpine build images only have linux/amd64 images
+ arch_image:
+ amd64: "ghcr.io/blackdex/rust-musl:x86_64-musl-stable-{{rust_version}}"
+ arm64: "ghcr.io/blackdex/rust-musl:aarch64-musl-stable-{{rust_version}}"
+ armv7: "ghcr.io/blackdex/rust-musl:armv7-musleabihf-stable-{{rust_version}}"
+ armv6: "ghcr.io/blackdex/rust-musl:arm-musleabi-stable-{{rust_version}}"
+# The final image which will be used to distribute the container images
+runtime_stage_image:
+ debian: "docker.io/library/debian:{{debian_version}}-slim"
+ alpine: "docker.io/library/alpine:{{alpine_version}}"
diff --git a/docker/Dockerfile.alpine b/docker/Dockerfile.alpine
new file mode 100644
index 0000000000..f9307e8928
--- /dev/null
+++ b/docker/Dockerfile.alpine
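Review bot: `alpine_version: 3.18` is an unquoted scalar, so a YAML loader will read it as a float; it renders as 3.18 today, but a later release such as 3.20 would presumably come out as 3.2 and select the wrong base image, so I would write `alpine_version: "3.18"` and quote `rust_version` the same way for consistency. Separately, only the web-vault image is pinned through `vault_image_digest`, while every `build_stage_image` and `runtime_stage_image` entry is a tag-only reference. Tags under `ghcr.io/blackdex/rust-musl` and `docker.io/library` can be re-pointed, which is the risk the digest comment in the generated Dockerfiles describes for the web-vault image, and these images produce and ship the server binary. Consider recording a digest next to each of them, in the form `alpine: "docker.io/library/alpine:{{alpine_version}}@sha256:<digest>"`, with a comment stating how the digests are refreshed when `rust_version`, `debian_version` or `alpine_version` changes.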
@@ -0,0 +1,156 @@ +# syntax=docker/dockerfile:1 + +# This file was generated using a Jinja2 template. +# Please make your changes in `DockerSettings.yaml` or `Dockerfile.j2` and then `make` +# This will generate two Dockerfile's `Dockerfile.debian` and `Dockerfile.alpine` + +# Using multistage build: +# https://docs.docker.com/develop/develop-images/multistage-build/ +# https://whitfin.io/speeding-up-rust-docker-builds/ + +####################### VAULT BUILD IMAGE ####################### +# The web-vault digest specifies a particular web-vault build on Docker Hub. +# Using the digest instead of the tag name provides better security, +# as the digest of an image is immutable, whereas a tag name can later +# be changed to point to a malicious image. +# +# To verify the current digest for a given tag name: +# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, +# click the tag name to view the digest of the image it currently points to. +# - From the command line: +# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 +# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 +# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] +# +# - Conversely, to get the tag name from the digest: +# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 +# [docker.io/vaultwarden/web-vault:v2023.8.2] +# +FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault + +########################## ALPINE BUILD IMAGES ########################## +## NOTE: The Alpine Base Images do not support other platforms then linux/amd64 +## And for Alpine we define all build images here, they will only be loaded when actually used +FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:x86_64-musl-stable-1.72.1 as 
build_amd64 +FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:aarch64-musl-stable-1.72.1 as build_arm64 +FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:armv7-musleabihf-stable-1.72.1 as build_armv7 +FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:arm-musleabi-stable-1.72.1 as build_armv6 + +########################## BUILD IMAGE ########################## +# hadolint ignore=DL3006 +FROM --platform=linux/amd64 build_${TARGETARCH}${TARGETVARIANT} as build +ARG TARGETARCH +ARG TARGETVARIANT +ARG TARGETPLATFORM + +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + +# Build time options to avoid dpkg warnings and help with reproducible builds. +ENV DEBIAN_FRONTEND=noninteractive \ + LANG=C.UTF-8 \ + TZ=UTC \ + TERM=xterm-256color \ + CARGO_HOME="/root/.cargo" \ + USER="root" \ + # Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11 + # Debian Bookworm already contains libpq v15 + PQ_LIB_DIR="/usr/local/musl/pq15/lib" + + +# Create CARGO_HOME folder and don't download rust docs +RUN mkdir -pv "${CARGO_HOME}" \ + && rustup set profile minimal + +# Creates a dummy project used to grab dependencies +RUN USER=root cargo new --bin /app +WORKDIR /app + +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain.toml ./rust-toolchain.toml +COPY ./build.rs ./build.rs + +# Shared variables across Debian and Alpine +RUN echo "export CARGO_TARGET=${RUST_MUSL_CROSS_TARGET}" >> /env-cargo && \ + # To be able to build the armv6 image with mimalloc we need to tell the linker to also look for libatomic + if [[ "${TARGETARCH}${TARGETVARIANT}" == "armv6" ]] ; then echo "export RUSTFLAGS='-Clink-arg=-latomic'" >> /env-cargo ; fi + +# Enable MiMalloc to improve performance on Alpine builds +ARG DB=sqlite,mysql,postgresql,enable_mimalloc + +RUN source /env-cargo && \ + rustup target add "${CARGO_TARGET}" + +# ARG CARGO_PROFILE=release +ARG CARGO_PROFILE=dev + +# Builds your dependencies and removes the +# dummy project, 
except the target folder +# This folder contains the compiled dependencies +RUN source /env-cargo && \ + cargo build --features ${DB} --profile "${CARGO_PROFILE}" --target="${CARGO_TARGET}" && \ + find . -not -path "./target*" -delete + +# Copies the complete project +# To avoid copying unneeded files, use .dockerignore +COPY . . + +# Builds again, this time it will be the actual source files being build +RUN source /env-cargo && \ + # Make sure that we actually build the project by updating the src/main.rs timestamp + touch src/main.rs && \ + # Create a symlink to the binary target folder to easy copy the binary in the final stage + cargo build --features ${DB} --profile "${CARGO_PROFILE}" --target="${CARGO_TARGET}" && \ + if [[ "${CARGO_PROFILE}" == "dev" ]] ; then \ + ln -vfsr "/app/target/${CARGO_TARGET}/debug" /app/target/final ; \ + else \ + ln -vfsr "/app/target/${CARGO_TARGET}/${CARGO_PROFILE}" /app/target/final ; \ + fi + + +######################## RUNTIME IMAGE ######################## +# Create a new stage with a minimal image +# because we already have a binary built +# +# For these images to be able to built you need to have qemu binfmt support. +# See the following pages to help install these tools locally +# Ubuntu/Debian: https://wiki.debian.org/QemuUserEmulation +# Arch Linux: https://wiki.archlinux.org/title/QEMU#Chrooting_into_arm/arm64_environment_from_x86_64 +# +# Or use a Docker image which modifies your host system to support this. +# The GitHub Actions Workflow uses the same image as used below. 
+# See: https://github.com/tonistiigi/binfmt +# Usage: docker run --privileged --rm tonistiigi/binfmt --install arm64,arm +# To uninstall: docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*' +FROM docker.io/library/alpine:3.18 + +ENV ROCKET_PROFILE="release" \ + ROCKET_ADDRESS=0.0.0.0 \ + ROCKET_PORT=80 \ + SSL_CERT_DIR=/etc/ssl/certs + +# Create data folder and Install needed libraries +RUN mkdir /data && \ + apk --no-cache add \ + ca-certificates \ + curl \ + openssl \ + tzdata + +VOLUME /data +EXPOSE 80 +EXPOSE 3012 + +# Copies the files from the context (Rocket.toml file and web-vault) +# and the binary from the "build" stage to the current stage +WORKDIR / + +COPY docker/healthcheck.sh /healthcheck.sh +COPY docker/start.sh /start.sh + +COPY --from=vault /web-vault ./web-vault +COPY --from=build /app/target/final/vaultwarden . + +HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] + +CMD ["/start.sh"] diff --git a/docker/Dockerfile.buildx b/docker/Dockerfile.buildx deleted file mode 100644 index c250312c94..0000000000 --- a/docker/Dockerfile.buildx +++ /dev/null 
@@ -1,34 +0,0 @@ -# syntax=docker/dockerfile:1 -# The cross-built images have the build arch (`amd64`) embedded in the image -# manifest, rather than the target arch. For example: -# -# $ docker inspect vaultwarden/server:latest-armv7 | jq -r '.[]|.Architecture' -# amd64 -# -# Recent versions of Docker have started printing a warning when the image's -# claimed arch doesn't match the host arch. For example: -# -# WARNING: The requested image's platform (linux/amd64) does not match the -# detected host platform (linux/arm/v7) and no specific platform was requested -# -# The image still works fine, but the spurious warning creates confusion. -# -# Docker doesn't seem to provide a way to directly set the arch of an image -# at build time. To resolve the build vs. target arch discrepancy, we use -# Docker Buildx to build a new set of images with the correct target arch. -# -# Docker Buildx uses this Dockerfile to build an image for each requested -# platform. Since the Dockerfile basically consists of a single `FROM` -# instruction, we're effectively telling Buildx to build a platform-specific -# image by simply copying the existing cross-built image and setting the -# correct target arch as a side effect. -# -# References: -# -# - https://docs.docker.com/buildx/working-with-buildx/#build-multi-platform-images -# - https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope -# - https://docs.docker.com/engine/reference/builder/#understand-how-arg-and-from-interact -# -ARG LOCAL_REPO -ARG DOCKER_TAG -FROM ${LOCAL_REPO}:${DOCKER_TAG}-${TARGETARCH}${TARGETVARIANT} diff --git a/docker/Dockerfile.debian b/docker/Dockerfile.debian new file mode 100644 index 0000000000..cacfff38c0 --- /dev/null +++ b/docker/Dockerfile.debian 
@@ -0,0 +1,179 @@ +# syntax=docker/dockerfile:1 + +# This file was generated using a Jinja2 template. +# Please make your changes in `DockerSettings.yaml` or `Dockerfile.j2` and then `make` +# This will generate two Dockerfile's `Dockerfile.debian` and `Dockerfile.alpine` + +# Using multistage build: +# https://docs.docker.com/develop/develop-images/multistage-build/ +# https://whitfin.io/speeding-up-rust-docker-builds/ + +####################### VAULT BUILD IMAGE ####################### +# The web-vault digest specifies a particular web-vault build on Docker Hub. +# Using the digest instead of the tag name provides better security, +# as the digest of an image is immutable, whereas a tag name can later +# be changed to point to a malicious image. +# +# To verify the current digest for a given tag name: +# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, +# click the tag name to view the digest of the image it currently points to. +# - From the command line: +# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 +# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 +# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] +# +# - Conversely, to get the tag name from the digest: +# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 +# [docker.io/vaultwarden/web-vault:v2023.8.2] +# +FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault + +########################## Cross Compile Docker Helper Scripts ########################## +FROM --platform=$BUILDPLATFORM docker.io/tonistiigi/xx:master AS xx + +########################## BUILD IMAGE ########################## +# hadolint ignore=DL3006 +FROM --platform=$BUILDPLATFORM docker.io/library/rust:1.72.1-slim-bookworm as build +COPY 
--from=xx / / +ARG TARGETARCH +ARG TARGETVARIANT +ARG TARGETPLATFORM + +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + +# Build time options to avoid dpkg warnings and help with reproducible builds. +ENV DEBIAN_FRONTEND=noninteractive \ + LANG=C.UTF-8 \ + TZ=UTC \ + TERM=xterm-256color \ + CARGO_HOME="/root/.cargo" \ + USER="root" + +# Install clang to get `xx-cargo` working +# Install pkg-config to allow amd64 builds to find all libraries +RUN apt-get update && \ + apt-get install -y \ + --no-install-recommends \ + clang pkg-config + +RUN xx-apt-get install -y \ + --no-install-recommends \ + gcc \ + libc6-dev \ + linux-libc-dev \ + libmariadb-dev \ + libmariadb-dev-compat \ + libmariadb3 \ + libpq-dev \ + libpq5 \ + libssl-dev + +# Create CARGO_HOME folder and don't download rust docs +RUN mkdir -pv "${CARGO_HOME}" \ + && rustup set profile minimal + +# Creates a dummy project used to grab dependencies +RUN USER=root cargo new --bin /app +WORKDIR /app + +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain.toml ./rust-toolchain.toml +COPY ./build.rs ./build.rs + +# Environment variables for cargo across Debian and Alpine +RUN echo "export CARGO_TARGET=$(xx-cargo --print-target-triple)" >> /env-cargo && \ + if xx-info is-cross ; then \ + # We can't use xx-cargo since that uses clang, which doesn't work for our libraries. + # Because of this we generate the needed environment variables here which we can load in the needed steps. 
+ echo "export CC_$(xx-cargo --print-target-triple | tr '[:upper:]' '[:lower:]' | tr - _)=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \ + echo "export CARGO_TARGET_$(xx-cargo --print-target-triple | tr '[:lower:]' '[:upper:]' | tr - _)_LINKER=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \ + echo "export PKG_CONFIG=/usr/bin/$(xx-info)-pkg-config" >> /env-cargo && \ + echo "export CROSS_COMPILE=1" >> /env-cargo && \ + echo "export OPENSSL_INCLUDE_DIR=/usr/include/$(xx-info)" >> /env-cargo && \ + echo "export OPENSSL_LIB_DIR=/usr/lib/$(xx-info)" >> /env-cargo ; \ + fi + +# Configure the DB ARG as late as possible to not invalidate the cached layers above +ARG DB=sqlite,mysql,postgresql + +RUN source /env-cargo && \ + rustup target add "${CARGO_TARGET}" + +# ARG CARGO_PROFILE=release +ARG CARGO_PROFILE=dev + +# Builds your dependencies and removes the +# dummy project, except the target folder +# This folder contains the compiled dependencies +RUN source /env-cargo && \ + cargo build --features ${DB} --profile "${CARGO_PROFILE}" --target="${CARGO_TARGET}" && \ + find . -not -path "./target*" -delete + +# Copies the complete project +# To avoid copying unneeded files, use .dockerignore +COPY . . 
+ +# Builds again, this time it will be the actual source files being build +RUN source /env-cargo && \ + # Make sure that we actually build the project by updating the src/main.rs timestamp + touch src/main.rs && \ + # Create a symlink to the binary target folder to easy copy the binary in the final stage + cargo build --features ${DB} --profile "${CARGO_PROFILE}" --target="${CARGO_TARGET}" && \ + if [[ "${CARGO_PROFILE}" == "dev" ]] ; then \ + ln -vfsr "/app/target/${CARGO_TARGET}/debug" /app/target/final ; \ + else \ + ln -vfsr "/app/target/${CARGO_TARGET}/${CARGO_PROFILE}" /app/target/final ; \ + fi + + +######################## RUNTIME IMAGE ######################## +# Create a new stage with a minimal image +# because we already have a binary built +# +# For these images to be able to built you need to have qemu binfmt support. +# See the following pages to help install these tools locally +# Ubuntu/Debian: https://wiki.debian.org/QemuUserEmulation +# Arch Linux: https://wiki.archlinux.org/title/QEMU#Chrooting_into_arm/arm64_environment_from_x86_64 +# +# Or use a Docker image which modifies your host system to support this. +# The GitHub Actions Workflow uses the same image as used below. 
+# See: https://github.com/tonistiigi/binfmt +# Usage: docker run --privileged --rm tonistiigi/binfmt --install arm64,arm +# To uninstall: docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*' +FROM docker.io/library/debian:bookworm-slim + +ENV ROCKET_PROFILE="release" \ + ROCKET_ADDRESS=0.0.0.0 \ + ROCKET_PORT=80 \ + DEBIAN_FRONTEND=noninteractive + +# Create data folder and Install needed libraries +RUN mkdir /data && \ + apt-get update && apt-get install -y \ + --no-install-recommends \ + ca-certificates \ + curl \ + libmariadb-dev-compat \ + libpq5 \ + openssl && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* + +VOLUME /data +EXPOSE 80 +EXPOSE 3012 + +# Copies the files from the context (Rocket.toml file and web-vault) +# and the binary from the "build" stage to the current stage +WORKDIR / + +COPY docker/healthcheck.sh /healthcheck.sh +COPY docker/start.sh /start.sh + +COPY --from=vault /web-vault ./web-vault +COPY --from=build /app/target/final/vaultwarden . + +HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] + +CMD ["/start.sh"] diff --git a/docker/Dockerfile.j2 b/docker/Dockerfile.j2 index ab4c4ff4f7..8292869d4c 100644 --- a/docker/Dockerfile.j2 +++ b/docker/Dockerfile.j2 
@@ -1,68 +1,14 @@ # syntax=docker/dockerfile:1 # This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -{% set rust_version = "1.72.0" %} -{% set debian_version = "bookworm" %} -{% set alpine_version = "3.17" %} -{% set build_stage_base_image = "docker.io/library/rust:%s-%s" % (rust_version, debian_version) %} -{% if "alpine" in target_file %} -{% if "amd64" in target_file %} -{% set build_stage_base_image = "docker.io/blackdex/rust-musl:x86_64-musl-stable-%s-openssl3" % rust_version %} -{% set runtime_stage_base_image = "docker.io/library/alpine:%s" % alpine_version %} -{% set package_arch_target = "x86_64-unknown-linux-musl" %} -{% elif "armv7" in target_file %} -{% set build_stage_base_image = "docker.io/blackdex/rust-musl:armv7-musleabihf-stable-%s-openssl3" % rust_version %} -{% set runtime_stage_base_image = "docker.io/balenalib/armv7hf-alpine:%s" % alpine_version %} -{% set package_arch_target = "armv7-unknown-linux-musleabihf" %} -{% elif "armv6" in target_file %} -{% set build_stage_base_image = "docker.io/blackdex/rust-musl:arm-musleabi-stable-%s-openssl3" % rust_version %} -{% set runtime_stage_base_image = "docker.io/balenalib/rpi-alpine:%s" % alpine_version %} -{% set package_arch_target = "arm-unknown-linux-musleabi" %} -{% elif "arm64" in target_file %} -{% set build_stage_base_image = "docker.io/blackdex/rust-musl:aarch64-musl-stable-%s-openssl3" % rust_version %} -{% set runtime_stage_base_image = "docker.io/balenalib/aarch64-alpine:%s" % alpine_version %} -{% set package_arch_target = "aarch64-unknown-linux-musl" %} -{% endif %} -{% elif "amd64" in target_file %} -{% set runtime_stage_base_image = "docker.io/library/debian:%s-slim" % debian_version %} -{% elif "arm64" in target_file %} -{% set runtime_stage_base_image = "docker.io/balenalib/aarch64-debian:%s" % debian_version %} -{% set package_arch_name = "arm64" %} -{% set package_arch_target = 
"aarch64-unknown-linux-gnu" %} -{% set package_cross_compiler = "aarch64-linux-gnu" %} -{% elif "armv6" in target_file %} -{% set runtime_stage_base_image = "docker.io/balenalib/rpi-debian:%s" % debian_version %} -{% set package_arch_name = "armel" %} -{% set package_arch_target = "arm-unknown-linux-gnueabi" %} -{% set package_cross_compiler = "arm-linux-gnueabi" %} -{% elif "armv7" in target_file %} -{% set runtime_stage_base_image = "docker.io/balenalib/armv7hf-debian:%s" % debian_version %} -{% set package_arch_name = "armhf" %} -{% set package_arch_target = "armv7-unknown-linux-gnueabihf" %} -{% set package_cross_compiler = "arm-linux-gnueabihf" %} -{% endif %} -{% if package_arch_name is defined %} -{% set package_arch_prefix = ":" + package_arch_name %} -{% else %} -{% set package_arch_prefix = "" %} -{% endif %} -{% if package_arch_target is defined %} -{% set package_arch_target_param = " --target=" + package_arch_target %} -{% else %} -{% set package_arch_target_param = "" %} -{% endif %} -{% if "buildkit" in target_file %} -{% set mount_rust_cache = "--mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry " %} -{% else %} -{% set mount_rust_cache = "" %} -{% endif %} +# Please make your changes in `DockerSettings.yaml` or `Dockerfile.j2` and then `make` +# This will generate two Dockerfile's `Dockerfile.debian` and `Dockerfile.alpine` + # Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -{% set vault_version = "v2023.8.2" %} -{% set vault_image_digest = "sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252" %} + +####################### VAULT BUILD IMAGE ####################### # The web-vault digest specifies a particular web-vault build on Docker Hub. 
# Using the digest instead of the tag name provides better security, # as the digest of an image is immutable, whereas a tag name can later @@ -80,10 +26,31 @@ # $ docker image inspect --format "{{ '{{' }}.RepoTags}}" docker.io/vaultwarden/web-vault@{{ vault_image_digest }} # [docker.io/vaultwarden/web-vault:{{ vault_version }}] # -FROM docker.io/vaultwarden/web-vault@{{ vault_image_digest }} as vault +FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@{{ vault_image_digest }} as vault + +{% if base == "debian" %} +########################## Cross Compile Docker Helper Scripts ########################## +FROM --platform=$BUILDPLATFORM docker.io/tonistiigi/xx:master AS xx +{% elif base == "alpine" %} +########################## ALPINE BUILD IMAGES ########################## +## NOTE: The Alpine Base Images do not support other platforms then linux/amd64 +## And for Alpine we define all build images here, they will only be loaded when actually used +{% for arch in build_stage_image[base].arch_image %} +FROM --platform={{ build_stage_image[base].platform }} {{ build_stage_image[base].arch_image[arch] }} as build_{{ arch }} +{% endfor %} +{% endif %} + +########################## BUILD IMAGE ########################## +# hadolint ignore=DL3006 +FROM --platform={{ build_stage_image[base].platform }} {{ build_stage_image[base].image }} as build +{% if base == "debian" %} +COPY --from=xx / / +{% endif %} +ARG TARGETARCH +ARG TARGETVARIANT +ARG TARGETPLATFORM -########################## BUILD IMAGE ########################## -FROM {{ build_stage_base_image }} as build +SHELL ["/bin/bash", "-o", "pipefail", "-c"] # Build time options to avoid dpkg warnings and help with reproducible builds. ENV DEBIAN_FRONTEND=noninteractive \ 
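Review bot: `FROM --platform=$BUILDPLATFORM docker.io/tonistiigi/xx:master AS xx` pulls a mutable branch tag, and the later `COPY --from=xx / /` copies that image's whole filesystem into the build stage, so whatever `master` points to at build time becomes part of the toolchain that compiles the binary. The comment block just above this line already explains why the web-vault image is referenced by digest, and the same reasoning applies here. Pin it the same way, for example `FROM --platform=$BUILDPLATFORM docker.io/tonistiigi/xx@sha256:<xx-image-digest> AS xx`, ideally with the digest kept next to `vault_image_digest` in the settings file. The images behind `build_stage_image[base]` are defined outside this hunk, so whether they are pinned cannot be checked from here.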
@@ -91,56 +58,39 @@ ENV DEBIAN_FRONTEND=noninteractive \ TZ=UTC \ TERM=xterm-256color \ CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ USER="root" +{%- if base == "alpine" %} \ + # Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11 + # Debian Bookworm already contains libpq v15 + PQ_LIB_DIR="/usr/local/musl/pq15/lib" +{% endif %} -# Create CARGO_HOME folder and don't download rust docs -RUN {{ mount_rust_cache -}} mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal +{% if base == "debian" %} -{% if "alpine" in target_file %} -# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11 -# Debian Bookworm already contains libpq v15 -ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib" -{% if "armv6" in target_file %} -# To be able to build the armv6 image with mimalloc we need to tell the linker to also look for libatomic -ENV RUSTFLAGS='-Clink-arg=-latomic' -{% endif %} -{% elif "arm" in target_file %} -# Install build dependencies for the {{ package_arch_name }} architecture -RUN {{ mount_rust_cache -}} dpkg --add-architecture {{ package_arch_name }} \ - && apt-get update \ - && apt-get install -y \ +# Install clang to get `xx-cargo` working +# Install pkg-config to allow amd64 builds to find all libraries +RUN apt-get update && \ + apt-get install -y \ --no-install-recommends \ - gcc-{{ package_cross_compiler }} \ - libc6-dev{{ package_arch_prefix }} \ - linux-libc-dev{{ package_arch_prefix }} \ - libmariadb-dev{{ package_arch_prefix }} \ - libmariadb-dev-compat{{ package_arch_prefix }} \ - libmariadb3{{ package_arch_prefix }} \ - libpq-dev{{ package_arch_prefix }} \ - libpq5{{ package_arch_prefix }} \ - libssl-dev{{ package_arch_prefix }} \ - # - # Make sure cargo has the right target config - && echo '[target.{{ package_arch_target }}]' >> "${CARGO_HOME}/config" \ - && echo 'linker = "{{ package_cross_compiler }}-gcc"' >> "${CARGO_HOME}/config" \ - && echo 'rustflags = ["-L/usr/lib/{{ package_cross_compiler 
}}"]' >> "${CARGO_HOME}/config" - -# Set arm specific environment values -ENV CC_{{ package_arch_target | replace("-", "_") }}="/usr/bin/{{ package_cross_compiler }}-gcc" \ - CROSS_COMPILE="1" \ - OPENSSL_INCLUDE_DIR="/usr/include/{{ package_cross_compiler }}" \ - OPENSSL_LIB_DIR="/usr/lib/{{ package_cross_compiler }}" -{% elif "amd64" in target_file %} -# Install build dependencies -RUN apt-get update \ - && apt-get install -y \ + clang pkg-config + +RUN xx-apt-get install -y \ --no-install-recommends \ + gcc \ + libc6-dev \ + linux-libc-dev \ libmariadb-dev \ - libpq-dev + libmariadb-dev-compat \ + libmariadb3 \ + libpq-dev \ + libpq5 \ + libssl-dev {% endif %} +# Create CARGO_HOME folder and don't download rust docs +RUN mkdir -pv "${CARGO_HOME}" \ + && rustup set profile minimal + # Creates a dummy project used to grab dependencies RUN USER=root cargo new --bin /app WORKDIR /app 
@@ -150,74 +100,105 @@ COPY ./Cargo.* ./ COPY ./rust-toolchain.toml ./rust-toolchain.toml COPY ./build.rs ./build.rs -{% if package_arch_target is defined %} -RUN {{ mount_rust_cache -}} rustup target add {{ package_arch_target }} -{% endif %} +{% if base == "debian" %} +# Environment variables for cargo across Debian and Alpine +RUN echo "export CARGO_TARGET=$(xx-cargo --print-target-triple)" >> /env-cargo && \ + if xx-info is-cross ; then \ + # We can't use xx-cargo since that uses clang, which doesn't work for our libraries. + # Because of this we generate the needed environment variables here which we can load in the needed steps. + echo "export CC_$(xx-cargo --print-target-triple | tr '[:upper:]' '[:lower:]' | tr - _)=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \ + echo "export CARGO_TARGET_$(xx-cargo --print-target-triple | tr '[:lower:]' '[:upper:]' | tr - _)_LINKER=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \ + echo "export PKG_CONFIG=/usr/bin/$(xx-info)-pkg-config" >> /env-cargo && \ + echo "export CROSS_COMPILE=1" >> /env-cargo && \ + echo "export OPENSSL_INCLUDE_DIR=/usr/include/$(xx-info)" >> /env-cargo && \ + echo "export OPENSSL_LIB_DIR=/usr/lib/$(xx-info)" >> /env-cargo ; \ + fi # Configure the DB ARG as late as possible to not invalidate the cached layers above -{% if "alpine" in target_file %} +ARG DB=sqlite,mysql,postgresql +{% elif base == "alpine" %} +# Shared variables across Debian and Alpine +RUN echo "export CARGO_TARGET=${RUST_MUSL_CROSS_TARGET}" >> /env-cargo && \ + # To be able to build the armv6 image with mimalloc we need to tell the linker to also look for libatomic + if [[ "${TARGETARCH}${TARGETVARIANT}" == "armv6" ]] ; then echo "export RUSTFLAGS='-Clink-arg=-latomic'" >> /env-cargo ; fi + # Enable MiMalloc to improve performance on Alpine builds ARG DB=sqlite,mysql,postgresql,enable_mimalloc -{% else %} -ARG DB=sqlite,mysql,postgresql {% endif %} +RUN source /env-cargo && \ + rustup target add "${CARGO_TARGET}" + +# ARG 
CARGO_PROFILE=release +ARG CARGO_PROFILE=dev + # Builds your dependencies and removes the # dummy project, except the target folder # This folder contains the compiled dependencies -RUN {{ mount_rust_cache -}} cargo build --features ${DB} --release{{ package_arch_target_param }} \ - && find . -not -path "./target*" -delete +RUN source /env-cargo && \ + cargo build --features ${DB} --profile "${CARGO_PROFILE}" --target="${CARGO_TARGET}" && \ + find . -not -path "./target*" -delete # Copies the complete project # To avoid copying unneeded files, use .dockerignore COPY . . -# Make sure that we actually build the project -RUN touch src/main.rs +# Builds again, this time it will be the actual source files being build +RUN source /env-cargo && \ + # Make sure that we actually build the project by updating the src/main.rs timestamp + touch src/main.rs && \ + # Create a symlink to the binary target folder to easy copy the binary in the final stage + cargo build --features ${DB} --profile "${CARGO_PROFILE}" --target="${CARGO_TARGET}" && \ + if [[ "${CARGO_PROFILE}" == "dev" ]] ; then \ + ln -vfsr "/app/target/${CARGO_TARGET}/debug" /app/target/final ; \ + else \ + ln -vfsr "/app/target/${CARGO_TARGET}/${CARGO_PROFILE}" /app/target/final ; \ + fi -# Builds again, this time it'll just be -# your actual source files being built -RUN {{ mount_rust_cache -}} cargo build --features ${DB} --release{{ package_arch_target_param }} ######################## RUNTIME IMAGE ######################## # Create a new stage with a minimal image # because we already have a binary built -FROM {{ runtime_stage_base_image }} +# +# For these images to be able to built you need to have qemu binfmt support. 
+# See the following pages to help install these tools locally +# Ubuntu/Debian: https://wiki.debian.org/QemuUserEmulation +# Arch Linux: https://wiki.archlinux.org/title/QEMU#Chrooting_into_arm/arm64_environment_from_x86_64 +# +# Or use a Docker image which modifies your host system to support this. +# The GitHub Actions Workflow uses the same image as used below. +# See: https://github.com/tonistiigi/binfmt +# Usage: docker run --privileged --rm tonistiigi/binfmt --install arm64,arm +# To uninstall: docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*' +FROM {{ runtime_stage_image[base] }} ENV ROCKET_PROFILE="release" \ ROCKET_ADDRESS=0.0.0.0 \ ROCKET_PORT=80 -{%- if "alpine" in runtime_stage_base_image %} \ +{%- if base == "debian" %} \ + DEBIAN_FRONTEND=noninteractive +{% elif base == "alpine" %} \ SSL_CERT_DIR=/etc/ssl/certs {% endif %} - -{% if "amd64" not in target_file %} -RUN [ "cross-build-start" ] -{% endif %} - # Create data folder and Install needed libraries -RUN mkdir /data \ -{% if "alpine" in runtime_stage_base_image %} - && apk add --no-cache \ +RUN mkdir /data && \ +{% if base == "debian" %} + apt-get update && apt-get install -y \ + --no-install-recommends \ ca-certificates \ curl \ - openssl \ - tzdata -{% else %} - && apt-get update && apt-get install -y \ - --no-install-recommends \ - ca-certificates \ - curl \ - libmariadb-dev-compat \ - libpq5 \ - openssl \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* -{% endif %} - -{% if "amd64" not in target_file %} -RUN [ "cross-build-end" ] + libmariadb-dev-compat \ + libpq5 \ + openssl && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* +{% elif base == "alpine" %} + apk --no-cache add \ + ca-certificates \ + curl \ + openssl \ + tzdata {% endif %} VOLUME /data 
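Review bot: `ARG CARGO_PROFILE=dev` is the active default while `# ARG CARGO_PROFILE=release` is commented out, so an image built without `--build-arg CARGO_PROFILE=release` links `/app/target/final` to the `debug` directory and ships that binary, even though the runtime stage sets `ROCKET_PROFILE="release"`. The commit is marked WIP and the bake file, which is not visible here, may override the value, but the template default should be `ARG CARGO_PROFILE=release` before it is used for published images, with the commented-out line removed. If a dev default is kept on purpose, a comment stating that release images must pass the build arg would prevent an accidental debug release.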
@@ -227,16 +208,13 @@ EXPOSE 3012 # Copies the files from the context (Rocket.toml file and web-vault) # and the binary from the "build" stage to the current stage WORKDIR / -COPY --from=vault /web-vault ./web-vault -{% if package_arch_target is defined %} -COPY --from=build /app/target/{{ package_arch_target }}/release/vaultwarden . -{% else %} -COPY --from=build /app/target/release/vaultwarden . -{% endif %} COPY docker/healthcheck.sh /healthcheck.sh COPY docker/start.sh /start.sh +COPY --from=vault /web-vault ./web-vault +COPY --from=build /app/target/final/vaultwarden . + HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] CMD ["/start.sh"] diff --git a/docker/Makefile b/docker/Makefile index d7c0ab80a1..74c4bae551 100644 --- a/docker/Makefile +++ b/docker/Makefile @@ -1,15 +1,3 @@ -OBJECTS := $(shell find ./ -mindepth 2 -name 'Dockerfile*') - -all: $(OBJECTS) - -%/Dockerfile: Dockerfile.j2 render_template - ./render_template "$<" "{\"target_file\":\"$@\"}" > "$@" - -%/Dockerfile.alpine: Dockerfile.j2 render_template - ./render_template "$<" "{\"target_file\":\"$@\"}" > "$@" - -%/Dockerfile.buildkit: Dockerfile.j2 render_template - ./render_template "$<" "{\"target_file\":\"$@\"}" > "$@" - -%/Dockerfile.buildkit.alpine: Dockerfile.j2 render_template - ./render_template "$<" "{\"target_file\":\"$@\"}" > "$@" +all: + ./render_template Dockerfile.j2 '{"base": "debian"}' > Dockerfile.debian + ./render_template Dockerfile.j2 '{"base": "alpine"}' > Dockerfile.alpine diff --git a/docker/README.md b/docker/README.md index 1dbfe22c44..daff7916b6 100644 --- a/docker/README.md +++ b/docker/README.md 
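Review bot: No `USER` instruction appears before `CMD ["/start.sh"]`, here or in the earlier part of the runtime stage (which starts in the previous hunk), so `/start.sh` and the server run as root by default with `ROCKET_PORT=80`. Since this commit rewrites the stage anyway, consider creating an unprivileged account and switching to it before `CMD`, together with a default port above 1024. If root is intentional, a comment such as `# Runs as root by default; pass --user and a non-privileged ROCKET_PORT to drop privileges` would document it. Ownership of existing `/data` volumes would need to be considered if the default changes.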
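Review bot: The new `all` recipe redirects straight into `Dockerfile.debian` and `Dockerfile.alpine`, so a failing `./render_template` leaves a truncated or empty Dockerfile in the tree, and `all` is neither declared `.PHONY` nor tied to its inputs. Making the two Dockerfiles real targets of a static pattern rule, with the template and renderer as prerequisites and the output written through a temporary file, keeps a partial or stale rendering from being committed or built. `DockerSettings.yaml` is listed as a prerequisite on the assumption that `render_template` reads it, as the template header comment suggests.

```make
.PHONY: all
all: Dockerfile.debian Dockerfile.alpine

# DockerSettings.yaml is a prerequisite on the assumption that render_template reads it
Dockerfile.debian Dockerfile.alpine: Dockerfile.%: Dockerfile.j2 DockerSettings.yaml render_template
	./render_template "$<" '{"base": "$*"}' > "$@.tmp"
	mv -f "$@.tmp" "$@"
```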
@@ -1,3 +1,7 @@ -The arch-specific directory names follow the arch identifiers used by the Docker official images: +# Vaultwarden Container Building -https://github.com/docker-library/official-images/blob/master/README.md#architectures-other-than-amd64 +## Local container building + +```bash +docker buildx create --name multiarch --use --driver-opt network=host +``` diff --git a/docker/amd64/Dockerfile b/docker/amd64/Dockerfile deleted file mode 100644 index 2efaf77a75..0000000000 --- a/docker/amd64/Dockerfile +++ /dev/null 
@@ -1,119 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/library/rust:1.72.0-bookworm as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. 
-ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Install build dependencies -RUN apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - libmariadb-dev \ - libpq-dev - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -ARG DB=sqlite,mysql,postgresql - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . 
- -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/library/debian:bookworm-slim - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 - - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apt-get update && apt-get install -y \ - --no-install-recommends \ - ca-certificates \ - curl \ - libmariadb-dev-compat \ - libpq5 \ - openssl \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/amd64/Dockerfile.alpine b/docker/amd64/Dockerfile.alpine deleted file mode 100644 index 3e4f3efd17..0000000000 --- a/docker/amd64/Dockerfile.alpine +++ /dev/null 
@@ -1,116 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/blackdex/rust-musl:x86_64-musl-stable-1.72.0-openssl3 as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. 
-ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11 -# Debian Bookworm already contains libpq v15 -ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN rustup target add x86_64-unknown-linux-musl - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -# Enable MiMalloc to improve performance on Alpine builds -ARG DB=sqlite,mysql,postgresql,enable_mimalloc - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . 
- -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/library/alpine:3.17 - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 \ - SSL_CERT_DIR=/etc/ssl/certs - - - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apk add --no-cache \ - ca-certificates \ - curl \ - openssl \ - tzdata - - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/x86_64-unknown-linux-musl/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/amd64/Dockerfile.buildkit b/docker/amd64/Dockerfile.buildkit deleted file mode 100644 index eac7a5ea0c..0000000000 --- a/docker/amd64/Dockerfile.buildkit +++ /dev/null 
@@ -1,119 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/library/rust:1.72.0-bookworm as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. 
-ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Install build dependencies -RUN apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - libmariadb-dev \ - libpq-dev - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -ARG DB=sqlite,mysql,postgresql - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . 
- -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/library/debian:bookworm-slim - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 - - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apt-get update && apt-get install -y \ - --no-install-recommends \ - ca-certificates \ - curl \ - libmariadb-dev-compat \ - libpq5 \ - openssl \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/amd64/Dockerfile.buildkit.alpine b/docker/amd64/Dockerfile.buildkit.alpine deleted file mode 100644 index c1f199f553..0000000000 --- a/docker/amd64/Dockerfile.buildkit.alpine +++ /dev/null 
@@ -1,116 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/blackdex/rust-musl:x86_64-musl-stable-1.72.0-openssl3 as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. 
-ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11 -# Debian Bookworm already contains libpq v15 -ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add x86_64-unknown-linux-musl - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -# Enable MiMalloc to improve performance on Alpine builds -ARG DB=sqlite,mysql,postgresql,enable_mimalloc - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . 
- -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/library/alpine:3.17 - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 \ - SSL_CERT_DIR=/etc/ssl/certs - - - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apk add --no-cache \ - ca-certificates \ - curl \ - openssl \ - tzdata - - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/x86_64-unknown-linux-musl/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/arm64/Dockerfile b/docker/arm64/Dockerfile deleted file mode 100644 index 910568d0ca..0000000000 --- a/docker/arm64/Dockerfile +++ /dev/null 
@@ -1,141 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/library/rust:1.72.0-bookworm as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. 
-ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Install build dependencies for the arm64 architecture -RUN dpkg --add-architecture arm64 \ - && apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - gcc-aarch64-linux-gnu \ - libc6-dev:arm64 \ - linux-libc-dev:arm64 \ - libmariadb-dev:arm64 \ - libmariadb-dev-compat:arm64 \ - libmariadb3:arm64 \ - libpq-dev:arm64 \ - libpq5:arm64 \ - libssl-dev:arm64 \ - # - # Make sure cargo has the right target config - && echo '[target.aarch64-unknown-linux-gnu]' >> "${CARGO_HOME}/config" \ - && echo 'linker = "aarch64-linux-gnu-gcc"' >> "${CARGO_HOME}/config" \ - && echo 'rustflags = ["-L/usr/lib/aarch64-linux-gnu"]' >> "${CARGO_HOME}/config" - -# Set arm specific environment values -ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc" \ - CROSS_COMPILE="1" \ - OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu" \ - OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN rustup target add aarch64-unknown-linux-gnu - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -ARG DB=sqlite,mysql,postgresql - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . 
- -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/aarch64-debian:bookworm - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apt-get update && apt-get install -y \ - --no-install-recommends \ - ca-certificates \ - curl \ - libmariadb-dev-compat \ - libpq5 \ - openssl \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/aarch64-unknown-linux-gnu/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/arm64/Dockerfile.alpine b/docker/arm64/Dockerfile.alpine deleted file mode 100644 index e23c306a6b..0000000000 --- a/docker/arm64/Dockerfile.alpine +++ /dev/null 
@@ -1,118 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/blackdex/rust-musl:aarch64-musl-stable-1.72.0-openssl3 as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. 
-ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11 -# Debian Bookworm already contains libpq v15 -ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN rustup target add aarch64-unknown-linux-musl - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -# Enable MiMalloc to improve performance on Alpine builds -ARG DB=sqlite,mysql,postgresql,enable_mimalloc - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . 
- -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/aarch64-alpine:3.17 - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 \ - SSL_CERT_DIR=/etc/ssl/certs - - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apk add --no-cache \ - ca-certificates \ - curl \ - openssl \ - tzdata - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/aarch64-unknown-linux-musl/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/arm64/Dockerfile.buildkit b/docker/arm64/Dockerfile.buildkit deleted file mode 100644 index 7f370c4e9e..0000000000 --- a/docker/arm64/Dockerfile.buildkit +++ /dev/null 
@@ -1,141 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/library/rust:1.72.0-bookworm as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. 
-ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Install build dependencies for the arm64 architecture -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry dpkg --add-architecture arm64 \ - && apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - gcc-aarch64-linux-gnu \ - libc6-dev:arm64 \ - linux-libc-dev:arm64 \ - libmariadb-dev:arm64 \ - libmariadb-dev-compat:arm64 \ - libmariadb3:arm64 \ - libpq-dev:arm64 \ - libpq5:arm64 \ - libssl-dev:arm64 \ - # - # Make sure cargo has the right target config - && echo '[target.aarch64-unknown-linux-gnu]' >> "${CARGO_HOME}/config" \ - && echo 'linker = "aarch64-linux-gnu-gcc"' >> "${CARGO_HOME}/config" \ - && echo 'rustflags = ["-L/usr/lib/aarch64-linux-gnu"]' >> "${CARGO_HOME}/config" - -# Set arm specific environment values -ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc" \ - CROSS_COMPILE="1" \ - OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu" \ - OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add aarch64-unknown-linux-gnu - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -ARG DB=sqlite,mysql,postgresql - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This 
folder contains the compiled dependencies -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/aarch64-debian:bookworm - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apt-get update && apt-get install -y \ - --no-install-recommends \ - ca-certificates \ - curl \ - libmariadb-dev-compat \ - libpq5 \ - openssl \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/aarch64-unknown-linux-gnu/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/arm64/Dockerfile.buildkit.alpine b/docker/arm64/Dockerfile.buildkit.alpine deleted file mode 100644 index 8cad80d399..0000000000 --- a/docker/arm64/Dockerfile.buildkit.alpine +++ /dev/null 
@@ -1,118 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/blackdex/rust-musl:aarch64-musl-stable-1.72.0-openssl3 as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. 
-ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11 -# Debian Bookworm already contains libpq v15 -ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add aarch64-unknown-linux-musl - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -# Enable MiMalloc to improve performance on Alpine builds -ARG DB=sqlite,mysql,postgresql,enable_mimalloc - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . 
- -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/aarch64-alpine:3.17 - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 \ - SSL_CERT_DIR=/etc/ssl/certs - - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apk add --no-cache \ - ca-certificates \ - curl \ - openssl \ - tzdata - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/aarch64-unknown-linux-musl/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/armv6/Dockerfile b/docker/armv6/Dockerfile deleted file mode 100644 index 6480c9a6c3..0000000000 --- a/docker/armv6/Dockerfile +++ /dev/null 
@@ -1,141 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/library/rust:1.72.0-bookworm as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. 
-ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Install build dependencies for the armel architecture -RUN dpkg --add-architecture armel \ - && apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - gcc-arm-linux-gnueabi \ - libc6-dev:armel \ - linux-libc-dev:armel \ - libmariadb-dev:armel \ - libmariadb-dev-compat:armel \ - libmariadb3:armel \ - libpq-dev:armel \ - libpq5:armel \ - libssl-dev:armel \ - # - # Make sure cargo has the right target config - && echo '[target.arm-unknown-linux-gnueabi]' >> "${CARGO_HOME}/config" \ - && echo 'linker = "arm-linux-gnueabi-gcc"' >> "${CARGO_HOME}/config" \ - && echo 'rustflags = ["-L/usr/lib/arm-linux-gnueabi"]' >> "${CARGO_HOME}/config" - -# Set arm specific environment values -ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc" \ - CROSS_COMPILE="1" \ - OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi" \ - OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN rustup target add arm-unknown-linux-gnueabi - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -ARG DB=sqlite,mysql,postgresql - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . 
- -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/rpi-debian:bookworm - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apt-get update && apt-get install -y \ - --no-install-recommends \ - ca-certificates \ - curl \ - libmariadb-dev-compat \ - libpq5 \ - openssl \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/arm-unknown-linux-gnueabi/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/armv6/Dockerfile.alpine b/docker/armv6/Dockerfile.alpine deleted file mode 100644 index acec859ad9..0000000000 --- a/docker/armv6/Dockerfile.alpine +++ /dev/null 
@@ -1,120 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/blackdex/rust-musl:arm-musleabi-stable-1.72.0-openssl3 as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. 
-ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11 -# Debian Bookworm already contains libpq v15 -ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib" -# To be able to build the armv6 image with mimalloc we need to tell the linker to also look for libatomic -ENV RUSTFLAGS='-Clink-arg=-latomic' - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN rustup target add arm-unknown-linux-musleabi - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -# Enable MiMalloc to improve performance on Alpine builds -ARG DB=sqlite,mysql,postgresql,enable_mimalloc - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . 
- -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/rpi-alpine:3.17 - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 \ - SSL_CERT_DIR=/etc/ssl/certs - - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apk add --no-cache \ - ca-certificates \ - curl \ - openssl \ - tzdata - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/arm-unknown-linux-musleabi/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/armv6/Dockerfile.buildkit b/docker/armv6/Dockerfile.buildkit deleted file mode 100644 index 6211d9a3a5..0000000000 --- a/docker/armv6/Dockerfile.buildkit +++ /dev/null 
@@ -1,141 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/library/rust:1.72.0-bookworm as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. 
-ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Install build dependencies for the armel architecture -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry dpkg --add-architecture armel \ - && apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - gcc-arm-linux-gnueabi \ - libc6-dev:armel \ - linux-libc-dev:armel \ - libmariadb-dev:armel \ - libmariadb-dev-compat:armel \ - libmariadb3:armel \ - libpq-dev:armel \ - libpq5:armel \ - libssl-dev:armel \ - # - # Make sure cargo has the right target config - && echo '[target.arm-unknown-linux-gnueabi]' >> "${CARGO_HOME}/config" \ - && echo 'linker = "arm-linux-gnueabi-gcc"' >> "${CARGO_HOME}/config" \ - && echo 'rustflags = ["-L/usr/lib/arm-linux-gnueabi"]' >> "${CARGO_HOME}/config" - -# Set arm specific environment values -ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc" \ - CROSS_COMPILE="1" \ - OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi" \ - OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add arm-unknown-linux-gnueabi - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -ARG DB=sqlite,mysql,postgresql - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This 
folder contains the compiled dependencies -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/rpi-debian:bookworm - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apt-get update && apt-get install -y \ - --no-install-recommends \ - ca-certificates \ - curl \ - libmariadb-dev-compat \ - libpq5 \ - openssl \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/arm-unknown-linux-gnueabi/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/armv6/Dockerfile.buildkit.alpine b/docker/armv6/Dockerfile.buildkit.alpine deleted file mode 100644 index 21315cb364..0000000000 --- a/docker/armv6/Dockerfile.buildkit.alpine +++ /dev/null 
@@ -1,120 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/blackdex/rust-musl:arm-musleabi-stable-1.72.0-openssl3 as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. 
-ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11 -# Debian Bookworm already contains libpq v15 -ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib" -# To be able to build the armv6 image with mimalloc we need to tell the linker to also look for libatomic -ENV RUSTFLAGS='-Clink-arg=-latomic' - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add arm-unknown-linux-musleabi - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -# Enable MiMalloc to improve performance on Alpine builds -ARG DB=sqlite,mysql,postgresql,enable_mimalloc - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . 
- -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/rpi-alpine:3.17 - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 \ - SSL_CERT_DIR=/etc/ssl/certs - - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apk add --no-cache \ - ca-certificates \ - curl \ - openssl \ - tzdata - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/arm-unknown-linux-musleabi/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/armv7/Dockerfile b/docker/armv7/Dockerfile deleted file mode 100644 index b517413318..0000000000 --- a/docker/armv7/Dockerfile +++ /dev/null 
@@ -1,141 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/library/rust:1.72.0-bookworm as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. 
-ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Install build dependencies for the armhf architecture -RUN dpkg --add-architecture armhf \ - && apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - gcc-arm-linux-gnueabihf \ - libc6-dev:armhf \ - linux-libc-dev:armhf \ - libmariadb-dev:armhf \ - libmariadb-dev-compat:armhf \ - libmariadb3:armhf \ - libpq-dev:armhf \ - libpq5:armhf \ - libssl-dev:armhf \ - # - # Make sure cargo has the right target config - && echo '[target.armv7-unknown-linux-gnueabihf]' >> "${CARGO_HOME}/config" \ - && echo 'linker = "arm-linux-gnueabihf-gcc"' >> "${CARGO_HOME}/config" \ - && echo 'rustflags = ["-L/usr/lib/arm-linux-gnueabihf"]' >> "${CARGO_HOME}/config" - -# Set arm specific environment values -ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc" \ - CROSS_COMPILE="1" \ - OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf" \ - OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN rustup target add armv7-unknown-linux-gnueabihf - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -ARG DB=sqlite,mysql,postgresql - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf \ - && find . 
-not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/armv7hf-debian:bookworm - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apt-get update && apt-get install -y \ - --no-install-recommends \ - ca-certificates \ - curl \ - libmariadb-dev-compat \ - libpq5 \ - openssl \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/armv7-unknown-linux-gnueabihf/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/armv7/Dockerfile.alpine b/docker/armv7/Dockerfile.alpine deleted file mode 100644 index 450d19635b..0000000000 --- a/docker/armv7/Dockerfile.alpine +++ /dev/null 
@@ -1,118 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/blackdex/rust-musl:armv7-musleabihf-stable-1.72.0-openssl3 as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. 
-ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11 -# Debian Bookworm already contains libpq v15 -ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN rustup target add armv7-unknown-linux-musleabihf - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -# Enable MiMalloc to improve performance on Alpine builds -ARG DB=sqlite,mysql,postgresql,enable_mimalloc - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . 
- -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/armv7hf-alpine:3.17 - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 \ - SSL_CERT_DIR=/etc/ssl/certs - - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apk add --no-cache \ - ca-certificates \ - curl \ - openssl \ - tzdata - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/armv7-unknown-linux-musleabihf/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/armv7/Dockerfile.buildkit b/docker/armv7/Dockerfile.buildkit deleted file mode 100644 index aa291135e5..0000000000 --- a/docker/armv7/Dockerfile.buildkit +++ /dev/null 
@@ -1,141 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/library/rust:1.72.0-bookworm as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. 
-ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Install build dependencies for the armhf architecture -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry dpkg --add-architecture armhf \ - && apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - gcc-arm-linux-gnueabihf \ - libc6-dev:armhf \ - linux-libc-dev:armhf \ - libmariadb-dev:armhf \ - libmariadb-dev-compat:armhf \ - libmariadb3:armhf \ - libpq-dev:armhf \ - libpq5:armhf \ - libssl-dev:armhf \ - # - # Make sure cargo has the right target config - && echo '[target.armv7-unknown-linux-gnueabihf]' >> "${CARGO_HOME}/config" \ - && echo 'linker = "arm-linux-gnueabihf-gcc"' >> "${CARGO_HOME}/config" \ - && echo 'rustflags = ["-L/usr/lib/arm-linux-gnueabihf"]' >> "${CARGO_HOME}/config" - -# Set arm specific environment values -ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc" \ - CROSS_COMPILE="1" \ - OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf" \ - OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add armv7-unknown-linux-gnueabihf - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -ARG DB=sqlite,mysql,postgresql - -# Builds your dependencies and removes the -# dummy project, except the 
target folder -# This folder contains the compiled dependencies -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/armv7hf-debian:bookworm - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apt-get update && apt-get install -y \ - --no-install-recommends \ - ca-certificates \ - curl \ - libmariadb-dev-compat \ - libpq5 \ - openssl \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/armv7-unknown-linux-gnueabihf/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/armv7/Dockerfile.buildkit.alpine b/docker/armv7/Dockerfile.buildkit.alpine deleted file mode 100644 index 58a32af98e..0000000000 
--- a/docker/armv7/Dockerfile.buildkit.alpine +++ /dev/null 
@@ -1,118 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/blackdex/rust-musl:armv7-musleabihf-stable-1.72.0-openssl3 as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. 
-ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11 -# Debian Bookworm already contains libpq v15 -ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add armv7-unknown-linux-musleabihf - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -# Enable MiMalloc to improve performance on Alpine builds -ARG DB=sqlite,mysql,postgresql,enable_mimalloc - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . 
- -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/armv7hf-alpine:3.17 - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 \ - SSL_CERT_DIR=/etc/ssl/certs - - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apk add --no-cache \ - ca-certificates \ - curl \ - openssl \ - tzdata - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/armv7-unknown-linux-musleabihf/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/docker-bake.hcl b/docker/docker-bake.hcl new file mode 100644 index 0000000000..b9509abae7 --- /dev/null +++ b/docker/docker-bake.hcl 
@@ -0,0 +1,136 @@ +// ==== Baking Variables ==== + +// Set which cargo provile to use, dev or release for example +// Use the value provided in the Dockerfile as default +variable "CARGO_PROFILE" { + default = null +} + +// Set which DB's (features) to enable +// Use the value provided in the Dockerfile as default +variable "DB" { + default = null +} + +// The repository this build was triggered from +variable "SOURCE_REPOSITORY_URL" { + default = null +} + +// The commit hash of of the current commit this build was triggered on +variable "SOURCE_COMMIT" { + default = null +} + +// The version of this build +// Typically the current exact tag of this commit, +// else the last tag and the first 8 characters of the source commit +variable "SOURCE_VERSION" { + default = null +} + +// The base tag(s) to use +// This can be a comma separated value like "testing,1.29.2" +variable "BASE_TAGS" { + default = "testing" +} + +// Which container registries should be used for the tagging +// This can be a comma separated value +// Use a full URI like `ghcr.io/dani-garcia/vaultwarden,docker.io/vaultwarden/server` +variable "CONTAINER_REGISTRIES" { + default = "vaultwarden/server" +} + + +// ==== Baking Groups ==== + +group "default" { + targets = ["debian"] +} + + +// ==== Shared Baking ==== + +target "_default_attributes" { + labels = { + "org.opencontainers.image.licenses" = "AGPL-3.0-only" + "org.opencontainers.image.documentation" = "https://github.com/dani-garcia/vaultwarden/wiki" + "org.opencontainers.image.url" = "https://github.com/dani-garcia/vaultwarden" + "org.opencontainers.image.created" = "${formatdate("YYYY-MM-DD'T'hh:mm:ssZZZZZ", timestamp())}" + "org.opencontainers.image.source" = "${SOURCE_REPOSITORY_URL}" + "org.opencontainers.image.revision" = "${SOURCE_COMMIT}" + "org.opencontainers.image.version" = "${SOURCE_VERSION}" + } + args = { + DB = "${DB}" + CARGO_PROFILE = "${CARGO_PROFILE}" + } +} + + +// ==== Debian Baking ==== + +target "debian" { + inherits = 
["_default_attributes"] + dockerfile = "docker/Dockerfile.debian" + output = ["type=docker"] + tags = generate_tags("", platform_tag()) +} + +target "debian-all" { + inherits = ["debian"] + platforms = ["linux/amd64", "linux/arm64", "linux/arm/v7", "linux/arm/v6"] + tags = generate_tags("", "") + output = ["type=registry"] +} + + +// ==== Alpine Baking ==== + +target "alpine" { + inherits = ["_default_attributes"] + dockerfile = "docker/Dockerfile.alpine" + output = ["type=docker"] + tags = generate_tags("-alpine", platform_tag()) +} + +target "alpine-all" { + inherits = ["alpine"] + platforms = ["linux/amd64", "linux/arm64", "linux/arm/v7", "linux/arm/v6"] + tags = generate_tags("-alpine", "") + output = ["type=registry"] +} + + +// ==== Baking functions ==== + +// This will return the local platform as amd64, arm64 or armv7 for example +// It can be used for creating a local image tag +function "platform_tag" { + params = [] + result = "-${replace(replace(BAKE_LOCAL_PLATFORM, "linux/", ""), "/", "")}" +} + + +function "get_container_registries" { + params = [] + result = flatten(split(",", CONTAINER_REGISTRIES)) +} + +function "get_base_tags" { + params = [] + result = flatten(split(",", BASE_TAGS)) +} + +function "generate_tags" { + params = [ + suffix, // What to append to the BASE_TAG when needed, like `-alpine` for example + platform // the platform we are building for if needed + ] + result = flatten([ + for registry in get_container_registries() : + [for base_tag in get_base_tags() : + concat(["${registry}:${base_tag}${suffix}${platform}"])] + ]) +} diff --git a/docker/render_template b/docker/render_template index c9978d5ad3..401e0ad021 100755 --- a/docker/render_template +++ b/docker/render_template 
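Review bot: `debian-all` and `alpine-all` set `output = ["type=registry"]` while `CONTAINER_REGISTRIES` defaults to `vaultwarden/server` and `BASE_TAGS` to `testing`, so baking either target without overrides addresses the project's published repository rather than a scratch one. A comment on both targets would make that explicit, for example `// Pushes to every entry in CONTAINER_REGISTRIES; point it at a local registry when testing`. In the helper functions, the `concat([...])` around a single list and the `flatten(split(...))` calls add nothing, and the split values are not trimmed, so a value like `"a, b"` yields a tag with a leading space. `[for r in split(",", CONTAINER_REGISTRIES) : trimspace(r)]` would cover that, and the same applies to `BASE_TAGS`.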
@@ -1,17 +1,31 @@ #!/usr/bin/env python3 -import os, argparse, json - +import os +import argparse +import json +import yaml import jinja2 +# Load settings file +with open("DockerSettings.yaml", 'r') as yaml_file: + yaml_data = yaml.safe_load(yaml_file) + +settings_env = jinja2.Environment( + loader=jinja2.FileSystemLoader(os.getcwd()), +) +settings_yaml = yaml.safe_load(settings_env.get_template("DockerSettings.yaml").render(yaml_data)) + args_parser = argparse.ArgumentParser() args_parser.add_argument('template_file', help='Jinja2 template file to render.') args_parser.add_argument('render_vars', help='JSON-encoded data to pass to the templating engine.') cli_args = args_parser.parse_args() +# Merge the default config yaml with the json arguments given. render_vars = json.loads(cli_args.render_vars) +settings_yaml.update(render_vars) + environment = jinja2.Environment( loader=jinja2.FileSystemLoader(os.getcwd()), trim_blocks=True, ) -print(environment.get_template(cli_args.template_file).render(render_vars)) +print(environment.get_template(cli_args.template_file).render(settings_yaml)) diff --git a/hooks/README.md b/hooks/README.md deleted file mode 100644 index d198452e0a..0000000000 --- a/hooks/README.md +++ /dev/null 
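Review bot: Both `jinja2.Environment(...)` instances in this hunk use the default undefined handling, so a key that is misspelled or missing in DockerSettings.yaml or in the JSON arguments renders as an empty string instead of failing. For values such as `vault_image_digest` or `rust_version` that would presumably produce a Dockerfile with an unpinned or malformed image reference and no error at render time. Passing `undefined=jinja2.StrictUndefined,` to both environments makes the render abort on an unknown name. Separately, `open("DockerSettings.yaml", 'r')` and the `FileSystemLoader(os.getcwd())` both resolve against the current directory, so the script only works when started from `docker/`; a short comment saying so would help.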
@@ -1,20 +0,0 @@ -The hooks in this directory are used to create multi-arch images using Docker Hub automated builds. - -Docker Hub hooks provide these predefined [environment variables](https://docs.docker.com/docker-hub/builds/advanced/#environment-variables-for-building-and-testing): - -* `SOURCE_BRANCH`: the name of the branch or the tag that is currently being tested. -* `SOURCE_COMMIT`: the SHA1 hash of the commit being tested. -* `COMMIT_MSG`: the message from the commit being tested and built. -* `DOCKER_REPO`: the name of the Docker repository being built. -* `DOCKERFILE_PATH`: the dockerfile currently being built. -* `DOCKER_TAG`: the Docker repository tag being built. -* `IMAGE_NAME`: the name and tag of the Docker repository being built. (This variable is a combination of `DOCKER_REPO:DOCKER_TAG`.) - -The current multi-arch image build relies on the original vaultwarden Dockerfiles, which use cross-compilation for architectures other than `amd64`, and don't yet support all arch/distro combinations. However, cross-compilation is much faster than QEMU-based builds (e.g., using `docker buildx`). This situation may need to be revisited at some point. - -## References - -* https://docs.docker.com/docker-hub/builds/advanced/ -* https://docs.docker.com/engine/reference/commandline/manifest/ -* https://www.docker.com/blog/multi-arch-build-and-images-the-simple-way/ -* https://success.docker.com/article/how-do-i-authenticate-with-the-v2-api diff --git a/hooks/arches.sh b/hooks/arches.sh deleted file mode 100644 index 96114fae48..0000000000 --- a/hooks/arches.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/bin/env bash - -# The default Debian-based images support these arches for all database backends. -arches=( - amd64 - armv6 - armv7 - arm64 -) -export arches - -if [[ "${DOCKER_TAG}" == *alpine ]]; then - distro_suffix=.alpine -fi -export distro_suffix diff --git a/hooks/build b/hooks/build deleted file mode 100755 index b89a56610b..0000000000 
--- a/hooks/build +++ /dev/null @@ -1,51 +0,0 @@ -#!/usr/bin/env bash - -echo ">>> Building images..." - -# shellcheck source=arches.sh -source ./hooks/arches.sh - -if [[ -z "${SOURCE_COMMIT}" ]]; then - # This var is typically predefined by Docker Hub, but it won't be - # when testing locally. - SOURCE_COMMIT="$(git rev-parse HEAD)" -fi - -# Construct a version string in the style of `build.rs`. -GIT_EXACT_TAG="$(git describe --tags --abbrev=0 --exact-match 2>/dev/null)" -if [[ -n "${GIT_EXACT_TAG}" ]]; then - SOURCE_VERSION="${GIT_EXACT_TAG}" -else - GIT_LAST_TAG="$(git describe --tags --abbrev=0)" - SOURCE_VERSION="${GIT_LAST_TAG}-${SOURCE_COMMIT:0:8}" -fi - -LABELS=( - # https://github.com/opencontainers/image-spec/blob/master/annotations.md - org.opencontainers.image.created="$(date --utc --iso-8601=seconds)" - org.opencontainers.image.documentation="https://github.com/dani-garcia/vaultwarden/wiki" - org.opencontainers.image.licenses="AGPL-3.0-only" - org.opencontainers.image.revision="${SOURCE_COMMIT}" - org.opencontainers.image.source="${SOURCE_REPOSITORY_URL}" - org.opencontainers.image.url="https://github.com/dani-garcia/vaultwarden" - org.opencontainers.image.version="${SOURCE_VERSION}" -) -LABEL_ARGS=() -for label in "${LABELS[@]}"; do - LABEL_ARGS+=(--label "${label}") -done - -# Check if DOCKER_BUILDKIT is set, if so, use the Dockerfile.buildkit as template -if [[ -n "${DOCKER_BUILDKIT}" ]]; then - buildkit_suffix=.buildkit -fi - -set -ex - -for arch in "${arches[@]}"; do - docker build \ - "${LABEL_ARGS[@]}" \ - -t "${DOCKER_REPO}:${DOCKER_TAG}-${arch}" \ - -f "docker/${arch}/Dockerfile${buildkit_suffix}${distro_suffix}" \ - . -done diff --git a/hooks/pre_build b/hooks/pre_build deleted file mode 100755 index 9829bb5d8e..0000000000 --- a/hooks/pre_build +++ /dev/null 
@@ -1,28 +0,0 @@ -#!/usr/bin/env bash - -set -ex - -# If requested, print some environment info for troubleshooting. -if [[ -n "${DOCKER_HUB_DEBUG}" ]]; then - id - pwd - df -h - env - docker info - docker version -fi - -# Install build dependencies. -deps=( - jq -) -apt-get update -apt-get install -y "${deps[@]}" - -# Docker Hub uses a shallow clone and doesn't fetch tags, which breaks some -# Git operations that we perform later, so fetch the complete history and -# tags first. Note that if the build is cached, the clone may have been -# unshallowed already; if so, unshallowing will fail, so skip it. -if [[ -f .git/shallow ]]; then - git fetch --unshallow --tags -fi diff --git a/hooks/push b/hooks/push deleted file mode 100755 index f2a3267f21..0000000000 --- a/hooks/push +++ /dev/null 
@@ -1,111 +0,0 @@ -#!/usr/bin/env bash - -# shellcheck source=arches.sh -source ./hooks/arches.sh - -export DOCKER_CLI_EXPERIMENTAL=enabled - -# Join a list of args with a single char. -# Ref: https://stackoverflow.com/a/17841619 -join() { local IFS="$1"; shift; echo "$*"; } - -set -ex - -echo ">>> Starting local Docker registry when needed..." - -# Docker Buildx's `docker-container` driver is needed for multi-platform -# builds, but it can't access existing images on the Docker host (like the -# cross-compiled ones we just built). Those images first need to be pushed to -# a registry -- Docker Hub could be used, but since it's not trivial to clean -# up those intermediate images on Docker Hub, it's easier to just run a local -# Docker registry, which gets cleaned up automatically once the build job ends. -# -# https://docs.docker.com/registry/deploying/ -# https://hub.docker.com/_/registry -# -# Use host networking so the buildx container can access the registry via -# localhost. -# -# First check if there already is a registry container running, else skip it. -# This will only happen either locally or running it via Github Actions -# -if ! timeout 5 bash -c 'cat < /dev/null > /dev/tcp/localhost/5000'; then - # defaults to port 5000 - docker run -d --name registry --network host registry:2 -fi - -# Docker Hub sets a `DOCKER_REPO` env var with the format `index.docker.io/user/repo`. -# Strip the registry portion to construct a local repo path for use in `Dockerfile.buildx`. -LOCAL_REGISTRY="localhost:5000" -REPO="${DOCKER_REPO#*/}" -LOCAL_REPO="${LOCAL_REGISTRY}/${REPO}" - -echo ">>> Pushing images to local registry..." - -for arch in "${arches[@]}"; do - docker_image="${DOCKER_REPO}:${DOCKER_TAG}-${arch}" - local_image="${LOCAL_REPO}:${DOCKER_TAG}-${arch}" - docker tag "${docker_image}" "${local_image}" - docker push "${local_image}" -done - -echo ">>> Setting up Docker Buildx..." 
- -# Same as earlier, use host networking so the buildx container can access the -# registry via localhost. -# -# Ref: https://github.com/docker/buildx/issues/94#issuecomment-534367714 -# -# Check if there already is a builder running, else skip this and use the existing. -# This will only happen either locally or running it via Github Actions -# -if ! docker buildx inspect builder > /dev/null 2>&1 ; then - docker buildx create --name builder --use --driver-opt network=host -fi - -echo ">>> Running Docker Buildx..." - -tags=("${DOCKER_REPO}:${DOCKER_TAG}") - -# If the Docker tag starts with a version number, assume the latest release -# is being pushed. Add an extra tag (`latest` or `alpine`, as appropriate) -# to make it easier for users to track the latest release. -if [[ "${DOCKER_TAG}" =~ ^[0-9]+\.[0-9]+\.[0-9]+ ]]; then - if [[ "${DOCKER_TAG}" == *alpine ]]; then - tags+=("${DOCKER_REPO}:alpine") - else - tags+=("${DOCKER_REPO}:latest") - fi -fi - -tag_args=() -for tag in "${tags[@]}"; do - tag_args+=(--tag "${tag}") -done - -# Docker Buildx takes a list of target platforms (OS/arch/variant), so map -# the arch list to a platform list (assuming the OS is always `linux`). -declare -A arch_to_platform=( - [amd64]="linux/amd64" - [armv6]="linux/arm/v6" - [armv7]="linux/arm/v7" - [arm64]="linux/arm64" -) -platforms=() -for arch in "${arches[@]}"; do - platforms+=("${arch_to_platform[$arch]}") -done -platform="$(join "," "${platforms[@]}")" - -# Run the build, pushing the resulting images and multi-arch manifest list to -# Docker Hub. The Dockerfile is read from stdin to avoid sending any build -# context, which isn't needed here since the actual cross-compiled images -# have already been built. -docker buildx build \ - --network host \ - --build-arg LOCAL_REPO="${LOCAL_REPO}" \ - --build-arg DOCKER_TAG="${DOCKER_TAG}" \ - --platform "${platform}" \ - "${tag_args[@]}" \ - --push \ - - < ./docker/Dockerfile.buildx 
diff --git a/rust-toolchain.toml b/rust-toolchain.toml index f0263f9f2f..e279de73a0 100644 --- a/rust-toolchain.toml +++ b/rust-toolchain.toml @@ -1,4 +1,4 @@ [toolchain] -channel = "1.72.0" +channel = "1.72.1" components = [ "rustfmt", "clippy" ] profile = "minimal" From a85417d25b1ef3a0d04e3d26312cf92ca7d020f2 Mon Sep 17 00:00:00 2001 From: BlackDex Date: Fri, 6 Oct 2023 16:06:00 +0200 Subject: [PATCH 2/4] Small updates - Updated to rust 1.73.0 - Updated crates - Updated documentation - Added a bake.sh script to make baking easier --- Cargo.lock | 60 +++++++++---------- Cargo.toml | 11 ++-- docker/DockerSettings.yaml | 4 +- docker/Dockerfile.alpine | 11 ++-- docker/Dockerfile.debian | 5 +- docker/Dockerfile.j2 | 3 +- docker/README.md | 118 ++++++++++++++++++++++++++++++++++++- docker/bake.sh | 25 ++++++++ docker/docker-bake.hcl | 79 ++++++++++++++++++++++++- rust-toolchain.toml | 2 +- 10 files changed, 263 insertions(+), 55 deletions(-) create mode 100755 docker/bake.sh diff --git a/Cargo.lock b/Cargo.lock index d04b6a084d..453990208d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -232,7 +232,7 @@ checksum = "16e62a023e7c117e27523144c5d2459f4397fcc3cab0085af8e2224f643a0193" dependencies = [ "proc-macro2", "quote", - "syn 2.0.37", + "syn 2.0.38", ] [[package]] @@ -249,7 +249,7 @@ checksum = "bc00ceb34980c03614e35a3a4e218276a0a824e911d07651cd0d858a51e8c0f0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.37", + "syn 2.0.38", ] [[package]] @@ -399,9 +399,9 @@ checksum = "374d28ec25809ee0e23827c2ab573d729e293f281dfe393500e7ad618baa61c6" [[package]] name = "byteorder" -version = "1.4.3" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" +checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" [[package]] name = "bytes" 
@@ -720,14 +720,14 @@ dependencies = [ "proc-macro2", "proc-macro2-diagnostics", "quote", - "syn 2.0.37", + "syn 2.0.38", ] [[package]] name = "diesel" -version = "2.1.2" +version = "2.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53c8a2cb22327206568569e5a45bb5a2c946455efdd76e24d15b7e82171af95e" +checksum = "2268a214a6f118fce1838edba3d1561cf0e78d8de785475957a580a7f8c69d33" dependencies = [ "bitflags 2.4.0", "byteorder", @@ -752,7 +752,7 @@ dependencies = [ "diesel_table_macro_syntax", "proc-macro2", "quote", - "syn 2.0.37", + "syn 2.0.38", ] [[package]] @@ -782,7 +782,7 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fc5557efc453706fed5e4fa85006fe9817c224c3f480a34c7e5959fd700921c5" dependencies = [ - "syn 2.0.37", + "syn 2.0.38", ] [[package]] @@ -845,7 +845,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.37", + "syn 2.0.38", ] [[package]] @@ -1042,7 +1042,7 @@ checksum = "89ca545a94061b6365f2c7355b4b32bd20df3ff95f02da9329b34ccc3bd6ee72" dependencies = [ "proc-macro2", "quote", - "syn 2.0.37", + "syn 2.0.38", ] [[package]] @@ -1845,7 +1845,7 @@ checksum = "9e6a0fd4f737c707bd9086cc16c925f294943eb62eb71499e9fd4cf71f8b9f4e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.37", + "syn 2.0.38", ] [[package]] @@ -1924,7 +1924,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.37", + "syn 2.0.38", ] [[package]] @@ -2036,7 +2036,7 @@ dependencies = [ "proc-macro2", "proc-macro2-diagnostics", "quote", - "syn 2.0.37", + "syn 2.0.38", ] [[package]] @@ -2085,7 +2085,7 @@ dependencies = [ "pest_meta", "proc-macro2", "quote", - "syn 2.0.37", + "syn 2.0.38", ] [[package]] 
@@ -2205,9 +2205,9 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.67" +version = "1.0.68" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3d433d9f1a3e8c1263d9456598b16fec66f4acc9a74dacffd35c7bb09b3a1328" +checksum = "5b1106fec09662ec6dd98ccac0f81cef56984d0b49f75c92d8cbad76e20c005c" dependencies = [ "unicode-ident", ] @@ -2220,7 +2220,7 @@ checksum = "af066a9c399a26e020ada66a034357a868728e72cd426f3adcd35f80d88d88c8" dependencies = [ "proc-macro2", "quote", - "syn 2.0.37", + "syn 2.0.38", "version_check", "yansi 1.0.0-rc.1", ] @@ -2354,7 +2354,7 @@ checksum = "7f7473c2cfcf90008193dd0e3e16599455cb601a9fce322b5bb55de799664925" dependencies = [ "proc-macro2", "quote", - "syn 2.0.37", + "syn 2.0.38", ] [[package]] @@ -2552,7 +2552,7 @@ dependencies = [ "proc-macro2", "quote", "rocket_http", - "syn 2.0.37", + "syn 2.0.38", "unicode-xid", ] @@ -2796,7 +2796,7 @@ checksum = "4eca7ac642d82aa35b60049a6eccb4be6be75e599bd2e9adb5f875a737654af2" dependencies = [ "proc-macro2", "quote", - "syn 2.0.37", + "syn 2.0.38", ] [[package]] @@ -3000,9 +3000,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.37" +version = "2.0.38" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7303ef2c05cd654186cb250d29049a24840ca25d2747c25c0381c8d9e2f582e8" +checksum = "e96b79aaa137db8f61e26363a0c9b47d8b4ec75da28b7d1d614c2303e232408b" dependencies = [ "proc-macro2", "quote", @@ -3073,7 +3073,7 @@ checksum = "10712f02019e9288794769fba95cd6847df9874d49d871d062172f9dd41bc4cc" dependencies = [ "proc-macro2", "quote", - "syn 2.0.37", + "syn 2.0.38", ] [[package]] @@ -3167,7 +3167,7 @@ checksum = "630bdcf245f78637c13ec01ffae6187cca34625e8c63150d424b59e55af2675e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.37", + "syn 2.0.38", ] [[package]] 
@@ -3337,7 +3337,7 @@ checksum = "5f4f31f56159e98206da9efd823404b79b6ef3143b4a7ab76e67b1751b25a4ab" dependencies = [ "proc-macro2", "quote", - "syn 2.0.37", + "syn 2.0.38", ] [[package]] @@ -3679,7 +3679,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.37", + "syn 2.0.38", "wasm-bindgen-shared", ] @@ -3713,7 +3713,7 @@ checksum = "54681b18a46765f095758388f2d0cf16eb8d4169b639ab575a8f5693af210c7b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.37", + "syn 2.0.38", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -3892,9 +3892,9 @@ checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" [[package]] name = "winnow" -version = "0.5.15" +version = "0.5.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7c2e3184b9c4e92ad5167ca73039d0c42476302ab603e2fec4487511f38ccefc" +checksum = "037711d82167854aff2018dfd193aa0fef5370f456732f0d5a0c59b0f1b4b907" dependencies = [ "memchr", ] diff --git a/Cargo.toml b/Cargo.toml index 55d36fc29b..e272d752ca 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -3,7 +3,7 @@ name = "vaultwarden" version = "1.0.0" authors = ["Daniel García "] edition = "2021" -rust-version = "1.70.0" +rust-version = "1.71.1" resolver = "2" repository = "https://github.com/dani-garcia/vaultwarden" @@ -75,7 +75,7 @@ serde = { version = "1.0.188", features = ["derive"] } serde_json = "1.0.107" # A safe, extensible ORM and Query builder -diesel = { version = "2.1.2", features = ["chrono", "r2d2"] } +diesel = { version = "2.1.3", features = ["chrono", "r2d2"] } diesel_migrations = "2.1.0" diesel_logger = { version = "0.3.0", optional = true } 
@@ -141,6 +141,9 @@ cookie_store = "0.19.1" # Used by U2F, JWT and PostgreSQL openssl = "0.10.57" +# Set openssl-sys fixed to v0.9.92 to prevent building issues with musl, arm and 32bit pointer width +# It will force add a dynamically linked library which prevents the build from being static +openssl-sys = "=0.9.92" # CLI argument parsing pico-args = "0.5.0" @@ -163,10 +166,6 @@ argon2 = "0.5.2" # Reading a password from the cli for generating the Argon2id ADMIN_TOKEN rpassword = "7.2.0" -# Set openssl-sys fixed to v0.9.92 to prevent building issues with musl, arm and 32bit pointer width -# It will force add a dynamically linked library which prevents the build from being static -openssl-sys = "=0.9.92" - [patch.crates-io] rocket = { git = 'https://github.com/SergioBenitez/Rocket', rev = 'ce441b5f46fdf5cd99cb32b8b8638835e4c2a5fa' } # v0.5 branch diff --git a/docker/DockerSettings.yaml b/docker/DockerSettings.yaml index b0be283f74..2ad1eb1460 100644 --- a/docker/DockerSettings.yaml +++ b/docker/DockerSettings.yaml @@ -1,7 +1,7 @@ --- vault_version: "v2023.8.2" -vault_image_digest: "sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252" # v2023.8.2 -rust_version: 1.72.1 # Rust version to be used +vault_image_digest: "sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252" +rust_version: 1.73.0 # Rust version to be used debian_version: bookworm # Debian release name to be used alpine_version: 3.18 # Alpine version to be used # For which platforms/architectures will we try to build images diff --git a/docker/Dockerfile.alpine b/docker/Dockerfile.alpine index f9307e8928..77742c35b0 100644 --- a/docker/Dockerfile.alpine +++ b/docker/Dockerfile.alpine 
@@ -31,10 +31,10 @@ FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@sha256:b361e79309ef2 ########################## ALPINE BUILD IMAGES ########################## ## NOTE: The Alpine Base Images do not support other platforms then linux/amd64 ## And for Alpine we define all build images here, they will only be loaded when actually used -FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:x86_64-musl-stable-1.72.1 as build_amd64 -FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:aarch64-musl-stable-1.72.1 as build_arm64 -FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:armv7-musleabihf-stable-1.72.1 as build_armv7 -FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:arm-musleabi-stable-1.72.1 as build_armv6 +FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:x86_64-musl-stable-1.73.0 as build_amd64 +FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:aarch64-musl-stable-1.73.0 as build_arm64 +FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:armv7-musleabihf-stable-1.73.0 as build_armv7 +FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:arm-musleabi-stable-1.73.0 as build_armv6 ########################## BUILD IMAGE ########################## # hadolint ignore=DL3006 @@ -81,8 +81,7 @@ ARG DB=sqlite,mysql,postgresql,enable_mimalloc RUN source /env-cargo && \ rustup target add "${CARGO_TARGET}" -# ARG CARGO_PROFILE=release -ARG CARGO_PROFILE=dev +ARG CARGO_PROFILE=release # Builds your dependencies and removes the # dummy project, except the target folder diff --git a/docker/Dockerfile.debian b/docker/Dockerfile.debian index cacfff38c0..edeec27358 100644 --- a/docker/Dockerfile.debian +++ b/docker/Dockerfile.debian 
@@ -33,7 +33,7 @@ FROM --platform=$BUILDPLATFORM docker.io/tonistiigi/xx:master AS xx ########################## BUILD IMAGE ########################## # hadolint ignore=DL3006 -FROM --platform=$BUILDPLATFORM docker.io/library/rust:1.72.1-slim-bookworm as build +FROM --platform=$BUILDPLATFORM docker.io/library/rust:1.73.0-slim-bookworm as build COPY --from=xx / / ARG TARGETARCH ARG TARGETVARIANT @@ -100,8 +100,7 @@ ARG DB=sqlite,mysql,postgresql RUN source /env-cargo && \ rustup target add "${CARGO_TARGET}" -# ARG CARGO_PROFILE=release -ARG CARGO_PROFILE=dev +ARG CARGO_PROFILE=release # Builds your dependencies and removes the # dummy project, except the target folder diff --git a/docker/Dockerfile.j2 b/docker/Dockerfile.j2 index 8292869d4c..1a182116c2 100644 --- a/docker/Dockerfile.j2 +++ b/docker/Dockerfile.j2 @@ -129,8 +129,7 @@ ARG DB=sqlite,mysql,postgresql,enable_mimalloc RUN source /env-cargo && \ rustup target add "${CARGO_TARGET}" -# ARG CARGO_PROFILE=release -ARG CARGO_PROFILE=dev +ARG CARGO_PROFILE=release # Builds your dependencies and removes the # dummy project, except the target folder diff --git a/docker/README.md b/docker/README.md index daff7916b6..ad81e3b99e 100644 --- a/docker/README.md +++ b/docker/README.md @@ -1,7 +1,121 @@ # Vaultwarden Container Building -## Local container building +To build and release new testing and stable releases of Vaultwarden we use `docker buildx bake`.
+This can be used locally by running the command your self, but it is also used by GitHub Actions. + +This makes it easier for us to test and maintain the different architectures we provide.
+We also just have two Dockerfile's one for Debian and one for Alpine based images.
+With just these two files we can build both Debian and Alpine images for the following platforms: + - amd64 (linux/amd64) + - arm64 (linux/arm64) + - armv7 (linux/arm/v7) + - armv6 (linux/arm/v6) + +To build these containers you need to enable QEMU binfmt support to be able to run/emulate architectures which are different then your host.
+This ensures the container build process can run binaries from other architectures.
+ +**NOTE**: Run all the examples below from the root of the repo.
+ + +## How to install QEMU binfmt support + +This is different per host OS, but most support this in some way.
+ +### Ubuntu/Debian +```bash +apt install binfmt-support qemu-user-static +``` + +### Arch Linux (others based upon it) +```bash +pacman -S qemu-user-static qemu-user-static-binfmt +``` + +### Fedora +```bash +dnf install qemu-user-static +``` + +### Others +There also is an option to use an other docker container to provide support for this. +```bash +# To install and activate +docker run --privileged --rm tonistiigi/binfmt --install arm64,arm +# To unistall +docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*' +``` + + +## Single architecture container building + +You can build a container per supported architecture as long as you have QEMU binfmt support installed on your system.
+ +```bash +# Default bake triggers a Debian build using the hosts architecture +docker buildx bake --file docker/docker-bake.hcl + +# Bake Debian ARM64 using a debug build +CARGO_PROFILE=dev \ +SOURCE_COMMIT="$(git rev-parse HEAD)" \ +docker buildx bake --file docker/docker-bake.hcl debian-arm64 + +# Bake Alpine ARMv6 as a release build +SOURCE_COMMIT="$(git rev-parse HEAD)" \ +docker buildx bake --file docker/docker-bake.hcl alpine-armv6 +``` + + +## Local Multi Architecture container building + +Start the the initialization, this only needs to be done once. + +```bash +# Create and use a new buildx builder instance which connects to the host network +docker buildx create --name vaultwarden --use --driver-opt network=host + +# Validate it runs +docker buildx inspect --bootstrap + +# Create a local container registry directly reachable on the localhost +docker run -d --name registry --network host registry:2 +``` + +After that is done, you should be able to build and push to the local registry.
+Use the following command with the modified variables to bake the Alpine images.
+Replace `alpine` with `debian` if you want to build the debian multi arch images. ```bash -docker buildx create --name multiarch --use --driver-opt network=host +# Start a buildx bake using a debug build +CARGO_PROFILE=dev \ +SOURCE_COMMIT="$(git rev-parse HEAD)" \ +CONTAINER_REGISTRIES="localhost:5000/vaultwarden/server" \ +docker buildx bake --file docker/docker-bake.hcl alpine-multi ``` + +## Using the `bake.sh` script + +To make it a bit more easier to trigger a build, there also is a `bake.sh` script.
+This script calls `docker buildx bake` with all the right parameters and also generates the `SOURCE_COMMIT` and `SOURCE_VERSION` variables.
+This script can be called from both the repo root or within the docker directory. + +So, if you want to build a Multi Arch Alpine container pushing to your localhost registry you can run this from within the docker directory. (Just make sure you executed the initialization steps above first) +```bash +CONTAINER_REGISTRIES="localhost:5000/vaultwarden/server" \ +./bake.sh alpine-multi +``` + +Or if you want to just build a Debian container from the repo root, you can run this. +```bash +docker/bake.sh +``` + +## Variables supported +| Variable | default | description | +| --------------------- | ------------------ | ----------- | +| CARGO_PROFILE | null | Which cargo profile to use. `null` means what is defined in the Dockerfile | +| DB | null | Which `features` to build. `null` means what is defined in the Dockerfile | +| SOURCE_REPOSITORY_URL | null | The source repository form where this build is triggered | +| SOURCE_COMMIT | null | The commit hash of the current commit for this build | +| SOURCE_VERSION | null | The current exact tag of this commit, else the last tag and the first 8 chars of the source commit | +| BASE_TAGS | testing | Tags to be used. Can be a comma separated value like "latest,1.29.2" | +| CONTAINER_REGISTRIES | vaultwarden/server | Comma separated value of container registries. Like `ghcr.io/dani-garcia/vaultwarden,docker.io/vaultwarden/server` | diff --git a/docker/bake.sh b/docker/bake.sh new file mode 100755 index 0000000000..fa10179d71 --- /dev/null +++ b/docker/bake.sh 
@@ -0,0 +1,25 @@ +#!/usr/bin/env sh + +# Determine the basedir of this script. +# It should be located in the same directory as the docker-bake.hcl +# This ensures you can run this script from both inside and outside of the docker directory +BASEDIR=$(RL=$(readlink -n "$0"); SP="${RL:-$0}"; dirname "$(cd "$(dirname "${SP}")" || exit; pwd)/$(basename "${SP}")") + +if [ -z "${SOURCE_COMMIT}" ]; then + SOURCE_COMMIT="$(git rev-parse HEAD)" +fi + +GIT_EXACT_TAG="$(git describe --tags --abbrev=0 --exact-match 2>/dev/null)" +if [ -n "${GIT_EXACT_TAG}" ]; then + SOURCE_VERSION="${GIT_EXACT_TAG}" +else + GIT_LAST_TAG="$(git describe --tags --abbrev=0)" + SOURCE_VERSION="${GIT_LAST_TAG}-$(printf '%s' "${SOURCE_COMMIT}" | cut -c 8)" +fi + +# Export the rendered variables above so bake will use them +export SOURCE_COMMIT +export SOURCE_VERSION + +# Make sure we set the context to `..` so it will go up one directory +docker buildx bake --progress plain --set "*.context=${BASEDIR}/.." -f "${BASEDIR}/docker-bake.hcl" "$@" diff --git a/docker/docker-bake.hcl b/docker/docker-bake.hcl index b9509abae7..bc25ca590b 100644 --- a/docker/docker-bake.hcl +++ b/docker/docker-bake.hcl @@ -1,6 +1,6 @@ // ==== Baking Variables ==== -// Set which cargo provile to use, dev or release for example +// Set which cargo profile to use, dev or release for example // Use the value provided in the Dockerfile as default variable "CARGO_PROFILE" { default = null @@ -71,6 +71,7 @@ target "_default_attributes" { // ==== Debian Baking ==== +// Default Debian target, will build a container using the hosts platform architecture target "debian" { inherits = ["_default_attributes"] dockerfile = "docker/Dockerfile.debian" 
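Review bot: The fallback version string in docker/bake.sh takes only one character of the commit hash, because `cut -c 8` selects the eighth character alone. The variable comment in docker-bake.hcl and the removed hooks/build (`${SOURCE_COMMIT:0:8}`) both describe the first eight characters. The line should read `SOURCE_VERSION="${GIT_LAST_TAG}-$(printf '%s' "${SOURCE_COMMIT}" | cut -c 1-8)"`. As written, the `org.opencontainers.image.version` label on an untagged build carries a single hex digit, which makes the image hard to trace back to its commit.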
@@ -78,16 +79,49 @@ target "debian" { tags = generate_tags("", platform_tag()) } -target "debian-all" { +// Multi Platform target, will build one tagged manifest with all supported architectures +// This is mainly used by GitHub Actions to build and push new containers +target "debian-multi" { inherits = ["debian"] platforms = ["linux/amd64", "linux/arm64", "linux/arm/v7", "linux/arm/v6"] tags = generate_tags("", "") output = ["type=registry"] } +// Per platform targets, to individually test building per platform locally +target "debian-amd64" { + inherits = ["debian"] + platforms = ["linux/amd64"] + tags = generate_tags("", "-amd64") +} + +target "debian-arm64" { + inherits = ["debian"] + platforms = ["linux/arm64"] + tags = generate_tags("", "-arm64") +} + +target "debian-armv7" { + inherits = ["debian"] + platforms = ["linux/arm/v7"] + tags = generate_tags("", "-armv7") +} + +target "debian-armv6" { + inherits = ["debian"] + platforms = ["linux/arm/v6"] + tags = generate_tags("", "-armv6") +} + +// A Group to build all platforms individually for local testing +group "debian-all" { + targets = ["debian-amd64", "debian-arm64", "debian-armv7", "debian-armv6"] +} + // ==== Alpine Baking ==== +// Default Alpine target, will build a container using the hosts platform architecture target "alpine" { inherits = ["_default_attributes"] dockerfile = "docker/Dockerfile.alpine" 
@@ -95,13 +129,52 @@ target "alpine" { tags = generate_tags("-alpine", platform_tag()) } -target "alpine-all" { +// Multi Platform target, will build one tagged manifest with all supported architectures +// This is mainly used by GitHub Actions to build and push new containers +target "alpine-multi" { inherits = ["alpine"] platforms = ["linux/amd64", "linux/arm64", "linux/arm/v7", "linux/arm/v6"] tags = generate_tags("-alpine", "") output = ["type=registry"] } +// Per platform targets, to individually test building per platform locally +target "alpine-amd64" { + inherits = ["alpine"] + platforms = ["linux/amd64"] + tags = generate_tags("-alpine", "-amd64") +} + +target "alpine-arm64" { + inherits = ["alpine"] + platforms = ["linux/arm64"] + tags = generate_tags("-alpine", "-arm64") +} + +target "alpine-armv7" { + inherits = ["alpine"] + platforms = ["linux/arm/v7"] + tags = generate_tags("-alpine", "-armv7") +} + +target "alpine-armv6" { + inherits = ["alpine"] + platforms = ["linux/arm/v6"] + tags = generate_tags("-alpine", "-armv6") +} + +// A Group to build all platforms individually for local testing +group "alpine-all" { + targets = ["alpine-amd64", "alpine-arm64", "alpine-armv7", "alpine-armv6"] +} + + +// ==== Bake everything locally ==== + +group "all" { + targets = ["debian-all", "alpine-all"] +} + // ==== Baking functions ==== diff --git a/rust-toolchain.toml b/rust-toolchain.toml index e279de73a0..b7979b7cab 100644 --- a/rust-toolchain.toml +++ b/rust-toolchain.toml @@ -1,4 +1,4 @@ [toolchain] -channel = "1.72.1" +channel = "1.73.0" components = [ "rustfmt", "clippy" ] profile = "minimal" From a765481b05e751409416b6ce76278f09c6f9f3b2 Mon Sep 17 00:00:00 2001 
From: BlackDex Date: Fri, 6 Oct 2023 18:52:26 +0200 Subject: [PATCH 3/4] Update GitHub Actions Workflow - Updated workflow to use qemu and buildx bake In the future i would like to extract the alpine based binaries and add them as artifacts to the release. --- .github/workflows/build.yml | 19 ++-- .github/workflows/release.yml | 204 ++++++++++++---------------------- Cargo.lock | 135 +++++++++++----------- Cargo.toml | 10 +- docker/Dockerfile.alpine | 4 +- docker/Dockerfile.debian | 28 +++-- docker/Dockerfile.j2 | 32 ++++-- docker/README.md | 12 +- 8 files changed, 202 insertions(+), 242 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 382194657a..446b0fcef8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -34,7 +34,6 @@ jobs: # This is done globally to prevent rebuilds when the RUSTFLAGS env variable changes. env: RUSTFLAGS: "-D warnings" - CARGO_REGISTRIES_CRATES_IO_PROTOCOL: sparse strategy: fail-fast: false matrix: @@ -205,12 +204,12 @@ jobs: cargo build --release --features sqlite,mysql,postgresql # End Build the binary - - # Upload artifact to Github Actions - - name: "Upload artifact" - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 - if: ${{ matrix.channel == 'rust-toolchain' }} - with: - name: vaultwarden - path: target/release/vaultwarden - # End Upload artifact to Github Actions + # TODO: We should not upload these. We should extract Alpine build binaries from the containers and upload them + # # Upload artifact to Github Actions + # - name: "Upload artifact" + # uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + # if: ${{ matrix.channel == 'rust-toolchain' }} + # with: + # name: vaultwarden + # path: target/release/vaultwarden + # # End Upload artifact to Github Actions diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4829be6f15..21c9d4c7a5 100644 --- a/.github/workflows/release.yml 
+++ b/.github/workflows/release.yml @@ -6,7 +6,6 @@ on: - ".github/workflows/release.yml" - "src/**" - "migrations/**" - - "hooks/**" - "docker/**" - "Cargo.*" - "build.rs" @@ -35,23 +34,20 @@ jobs: with: cancel_others: 'true' # Only run this when not creating a tag - if: ${{ startsWith(github.ref, 'refs/heads/') }} + if: ${{ github.ref_type == 'branch' }} docker-build: runs-on: ubuntu-22.04 timeout-minutes: 120 needs: skip_check - # Start a local docker registry to be used to generate multi-arch images. - services: - registry: - image: registry:2 - ports: - - 5000:5000 + if: ${{ needs.skip_check.outputs.should_skip != 'true' && github.repository == 'dani-garcia/vaultwarden' }} + # TODO: Start a local docker registry to be used to extract the final Alpine static build images + # services: + # registry: + # image: registry:2 + # ports: + # - 5000:5000 env: - # Use BuildKit (https://docs.docker.com/build/buildkit/) for better - # build performance and the ability to copy extended file attributes - # (e.g., for executable capabilities) across build phases. - DOCKER_BUILDKIT: 1 SOURCE_COMMIT: ${{ github.sha }} SOURCE_REPOSITORY_URL: "https://github.com/${{ github.repository }}" # The *_REPO variables need to be configured as repository variables @@ -65,7 +61,6 @@ jobs: # QUAY_REPO needs to be 'quay.io//' # Check for Quay.io credentials in secrets HAVE_QUAY_LOGIN: ${{ vars.QUAY_REPO != '' && secrets.QUAY_USERNAME != '' && secrets.QUAY_TOKEN != '' }} - if: ${{ needs.skip_check.outputs.should_skip != 'true' && github.repository == 'dani-garcia/vaultwarden' }} strategy: matrix: base_image: ["debian","alpine"] 
@@ -77,18 +72,43 @@ jobs: with: fetch-depth: 0 - # Determine Docker Tag - - name: Init Variables - id: vars + - name: Initialize QEMU binfmt support + uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + with: + platforms: "arm64,arm" + + # Start Docker Buildx + - name: Setup Docker Buildx + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + # https://github.com/moby/buildkit/issues/3969 + # Also set max parallelism to 2, the default of 4 breaks GitHub Actions + with: + config-inline: | + [worker.oci] + max-parallelism = 2 + driver-opts: | + network=host + + # Determine Base Tags and Source Version + - name: Determine Base Tags and Source Version shell: bash run: | - # Check which main tag we are going to build determined by github.ref - if [[ "${{ github.ref }}" == refs/tags/* ]]; then - echo "DOCKER_TAG=${GITHUB_REF#refs/*/}" | tee -a "${GITHUB_OUTPUT}" - elif [[ "${{ github.ref }}" == refs/heads/* ]]; then - echo "DOCKER_TAG=testing" | tee -a "${GITHUB_OUTPUT}" + # Check which main tag we are going to build determined by github.ref_type + if [[ "${{ github.ref_type }}" == "tag" ]]; then + echo "BASE_TAGS=latest,${GITHUB_REF#refs/*/}" | tee -a "${GITHUB_ENV}" + elif [[ "${{ github.ref_type }}" == "branch" ]]; then + echo "BASE_TAGS=testing" | tee -a "${GITHUB_ENV}" + fi + + # Get the Source Version for this release + GIT_EXACT_TAG="$(git describe --tags --abbrev=0 --exact-match 2>/dev/null || true)" + if [[ -n "${GIT_EXACT_TAG}" ]]; then + echo "SOURCE_VERSION=${GIT_EXACT_TAG}" | tee -a "${GITHUB_ENV}" + else + GIT_LAST_TAG="$(git describe --tags --abbrev=0)" + echo "SOURCE_VERSION=${GIT_LAST_TAG}-${SOURCE_COMMIT:0:8}" | tee -a "${GITHUB_ENV}" fi - # End Determine Docker Tag + # End Determine Base Tags # Login to Docker Hub - name: Login to Docker Hub 
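Review bot: The tag branch of the "Determine Base Tags and Source Version" step sets `BASE_TAGS=latest,${GITHUB_REF#refs/*/}` for every tag push, and the workflow triggers on tags matching `'*'`, so any tag (a pre-release, a backport on an older line, or one pushed by mistake) moves `latest` on all configured registries. If only release tags should do that, gate `latest` on the tag's shape, for example `if [[ "${GITHUB_REF_NAME}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then BASE_TAGS="latest,${GITHUB_REF_NAME}"; else BASE_TAGS="${GITHUB_REF_NAME}"; fi`, with the pattern adjusted to the project's tag scheme. Whether the removed hooks behaved the same way is not visible here. The job's step list continues outside this hunk.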
@@ -98,6 +118,12 @@ jobs: password: ${{ secrets.DOCKERHUB_TOKEN }} if: ${{ env.HAVE_DOCKERHUB_LOGIN == 'true' }} + - name: Add registry for DockerHub + if: ${{ env.HAVE_DOCKERHUB_LOGIN == 'true' }} + shell: bash + run: | + echo "CONTAINER_REGISTRIES=${{ vars.DOCKERHUB_REPO }}" | tee -a "${GITHUB_ENV}" + # Login to GitHub Container Registry - name: Login to GitHub Container Registry uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 @@ -107,6 +133,12 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} if: ${{ env.HAVE_GHCR_LOGIN == 'true' }} + - name: Add registry for ghcr.io + if: ${{ env.HAVE_GHCR_LOGIN == 'true' }} + shell: bash + run: | + echo "CONTAINER_REGISTRIES=${CONTAINER_REGISTRIES:+${CONTAINER_REGISTRIES},}${{ vars.GHCR_REPO }}" | tee -a "${GITHUB_ENV}" + # Login to Quay.io - name: Login to Quay.io uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 
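Review bot: The new "Add registry for DockerHub" and "Add registry for ghcr.io" steps expand `${{ vars.DOCKERHUB_REPO }}` and `${{ vars.GHCR_REPO }}` directly inside the `run:` script, so the value is pasted into the shell source before bash parses it; the "Add registry for Quay.io" step in the next hunk does the same with `${{ vars.QUAY_REPO }}`. A value containing a quote or a newline would change the script or add extra entries to `GITHUB_ENV`. Passing it through the step environment keeps it as data: add `env:` with `DOCKERHUB_REPO: ${{ vars.DOCKERHUB_REPO }}` and write `echo "CONTAINER_REGISTRIES=${DOCKERHUB_REPO}" | tee -a "${GITHUB_ENV}"`, and likewise for the other two steps. Repository variables are maintainer-controlled, so this is hardening rather than an open hole.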
@@ -116,120 +148,22 @@ jobs: password: ${{ secrets.QUAY_TOKEN }} if: ${{ env.HAVE_QUAY_LOGIN == 'true' }} - # Debian - - # Docker Hub - - name: Build Debian based images (docker.io) - shell: bash - env: - DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}" - DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}" - run: | - ./hooks/build - if: ${{ matrix.base_image == 'debian' && env.HAVE_DOCKERHUB_LOGIN == 'true' }} - - - name: Push Debian based images (docker.io) - shell: bash - env: - DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}" - DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}" - run: | - ./hooks/push - if: ${{ matrix.base_image == 'debian' && env.HAVE_DOCKERHUB_LOGIN == 'true' }} - - # GitHub Container Registry - - name: Build Debian based images (ghcr.io) - shell: bash - env: - DOCKER_REPO: "${{ vars.GHCR_REPO }}" - DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}" - run: | - ./hooks/build - if: ${{ matrix.base_image == 'debian' && env.HAVE_GHCR_LOGIN == 'true' }} - - - name: Push Debian based images (ghcr.io) - shell: bash - env: - DOCKER_REPO: "${{ vars.GHCR_REPO }}" - DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}" - run: | - ./hooks/push - if: ${{ matrix.base_image == 'debian' && env.HAVE_GHCR_LOGIN == 'true' }} - - # Quay.io - - name: Build Debian based images (quay.io) - shell: bash - env: - DOCKER_REPO: "${{ vars.QUAY_REPO }}" - DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}" - run: | - ./hooks/build - if: ${{ matrix.base_image == 'debian' && env.HAVE_QUAY_LOGIN == 'true' }} - - - name: Push Debian based images (quay.io) - shell: bash - env: - DOCKER_REPO: "${{ vars.QUAY_REPO }}" - DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}" - run: | - ./hooks/push - if: ${{ matrix.base_image == 'debian' && env.HAVE_QUAY_LOGIN == 'true' }} - - # Alpine - - # Docker Hub - - name: Build Alpine based images (docker.io) - shell: bash - env: - DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}" - DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine" - run: | - ./hooks/build - if: ${{ 
matrix.base_image == 'alpine' && env.HAVE_DOCKERHUB_LOGIN == 'true' }} - - - name: Push Alpine based images (docker.io) - shell: bash - env: - DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}" - DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine" - run: | - ./hooks/push - if: ${{ matrix.base_image == 'alpine' && env.HAVE_DOCKERHUB_LOGIN == 'true' }} - - # GitHub Container Registry - - name: Build Alpine based images (ghcr.io) - shell: bash - env: - DOCKER_REPO: "${{ vars.GHCR_REPO }}" - DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine" - run: | - ./hooks/build - if: ${{ matrix.base_image == 'alpine' && env.HAVE_GHCR_LOGIN == 'true' }} - - - name: Push Alpine based images (ghcr.io) - shell: bash - env: - DOCKER_REPO: "${{ vars.GHCR_REPO }}" - DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine" - run: | - ./hooks/push - if: ${{ matrix.base_image == 'alpine' && env.HAVE_GHCR_LOGIN == 'true' }} - - # Quay.io - - name: Build Alpine based images (quay.io) + - name: Add registry for Quay.io + if: ${{ env.HAVE_QUAY_LOGIN == 'true' }} shell: bash - env: - DOCKER_REPO: "${{ vars.QUAY_REPO }}" - DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine" run: | - ./hooks/build - if: ${{ matrix.base_image == 'alpine' && env.HAVE_QUAY_LOGIN == 'true' }} + echo "CONTAINER_REGISTRIES=${CONTAINER_REGISTRIES:+${CONTAINER_REGISTRIES},}${{ vars.QUAY_REPO }}" | tee -a "${GITHUB_ENV}" - - name: Push Alpine based images (quay.io) - shell: bash + - name: Bake ${{ matrix.base_image }} containers + uses: docker/bake-action@511fde2517761e303af548ec9e0ea74a8a100112 # v4.0.0 env: - DOCKER_REPO: "${{ vars.QUAY_REPO }}" - DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine" - run: | - ./hooks/push - if: ${{ matrix.base_image == 'alpine' && env.HAVE_QUAY_LOGIN == 'true' }} + BASE_TAGS: "${{ env.BASE_TAGS }}" + SOURCE_COMMIT: "${{ env.SOURCE_COMMIT }}" + SOURCE_VERSION: "${{ env.SOURCE_VERSION }}" + SOURCE_REPOSITORY_URL: "${{ env.SOURCE_REPOSITORY_URL }}" + CONTAINER_REGISTRIES: "${{ 
env.CONTAINER_REGISTRIES }}" + with: + pull: true + push: true + files: docker/docker-bake.hcl + targets: "${{ matrix.base_image }}-multi" diff --git a/Cargo.lock b/Cargo.lock index 453990208d..1fe5792e84 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -30,9 +30,9 @@ dependencies = [ [[package]] name = "aho-corasick" -version = "1.1.1" +version = "1.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ea5d730647d4fadd988536d06fecce94b7b4f2a7efdae548f1cf4b63205518ab" +checksum = "b2969dcb958b36655471fc61f7e416fa76033bdd4bfed0678d8fee1e2d07a1f0" dependencies = [ "memchr", ] @@ -92,7 +92,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "81953c529336010edd6d8e358f886d9581267795c61b19475b71314bffa46d35" dependencies = [ "concurrent-queue", - "event-listener", + "event-listener 2.5.3", "futures-core", ] 
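Review bot: The "Bake ${{ matrix.base_image }} containers" step runs with `push: true` unconditionally, while each registry login and each `CONTAINER_REGISTRIES` append is guarded by its `HAVE_*_LOGIN` flag. When none of the three is configured, `CONTAINER_REGISTRIES` reaches bake as an empty string, and where the push then goes depends on how docker-bake.hcl treats that value, which is not visible in this hunk. An explicit guard on the step makes the intent clear and fails closed: `if: ${{ env.CONTAINER_REGISTRIES != '' }}`.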
@@ -165,24 +165,41 @@ version = "2.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "287272293e9d8c41773cec55e365490fe034813a2f172f502d6ddcf75b2f582b" dependencies = [ - "event-listener", + "event-listener 2.5.3", ] [[package]] name = "async-process" -version = "1.7.0" +version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7a9d28b1d97e08915212e2e45310d47854eafa69600756fc735fb788f75199c9" +checksum = "ea6438ba0a08d81529c69b36700fa2f95837bfe3e776ab39cde9c14d9149da88" dependencies = [ "async-io", "async-lock", - "autocfg", + "async-signal", "blocking", "cfg-if", - "event-listener", + "event-listener 3.0.0", "futures-lite", - "rustix 0.37.24", - "signal-hook", + "rustix 0.38.18", + "windows-sys", +] + +[[package]] +name = "async-signal" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d2a5415b7abcdc9cd7d63d6badba5288b2ca017e3fbd4173b8f405449f1a2399" +dependencies = [ + "async-io", + "async-lock", + "atomic-waker", + "cfg-if", + "futures-core", + "futures-io", + "rustix 0.38.18", + "signal-hook-registry", + "slab", "windows-sys", ] @@ -350,9 +367,9 @@ dependencies = [ [[package]] name = "blocking" -version = "1.4.0" +version = "1.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "94c4ef1f913d78636d78d538eec1f18de81e481f44b1be0a81060090530846e1" +checksum = "8c36a4d0d48574b3dd360b4b7d95cc651d2b6557b6402848a27d4b228a473e2a" dependencies = [ "async-channel", "async-lock", 
@@ -856,25 +873,14 @@ checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" [[package]] name = "errno" -version = "0.3.4" +version = "0.3.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "add4f07d43996f76ef320709726a556a9d4f965d9410d8d0271132d2f8293480" +checksum = "ac3e13f66a2f95e32a39eaa81f6b95d42878ca0e1db0c7543723dfe12557e860" dependencies = [ - "errno-dragonfly", "libc", "windows-sys", ] -[[package]] -name = "errno-dragonfly" -version = "0.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aa68f1b12764fab894d2755d2518754e71b4fd80ecfb822714a1206c2aab39bf" -dependencies = [ - "cc", - "libc", -] - [[package]] name = "error-chain" version = "0.12.4" @@ -890,6 +896,17 @@ version = "2.5.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0206175f82b8d6bf6652ff7d71a1e27fd2e4efde587fd368662814d6ec1d9ce0" +[[package]] +name = "event-listener" +version = "3.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "29e56284f00d94c1bc7fd3c77027b4623c88c1f53d8d2394c6199f2921dea325" +dependencies = [ + "concurrent-queue", + "parking", + "pin-project-lite", +] + [[package]] name = "fastrand" version = "1.9.0" @@ -1466,7 +1483,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cb0889898416213fab133e1d33a0e5858a48177452750691bde3666d0fdbaf8b" dependencies = [ "hermit-abi", - "rustix 0.38.17", + "rustix 0.38.18", "windows-sys", ] @@ -1562,9 +1579,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.148" +version = "0.2.149" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9cdc71e17332e86d2e1d38c1f99edcb6288ee11b815fb1a4b049eaa2114d369b" +checksum = "a08173bc88b7955d1b3145aa561539096c421ac8debde8cbc3612ec635fee29b" [[package]] name = "libmimalloc-sys" 
@@ -1601,9 +1618,9 @@ checksum = "ef53942eb7bf7ff43a617b3e2c1c4a5ecf5944a7c1bc12d7ee39bbb15e5c1519" [[package]] name = "linux-raw-sys" -version = "0.4.8" +version = "0.4.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3852614a3bd9ca9804678ba6be5e3b8ce76dfc902cae004e3e0c44051b6e88db" +checksum = "da2479e8c062e40bf0066ffa0bc823de0a9368974af99c9f6df941d2c231e03f" [[package]] name = "lock_api" @@ -1839,9 +1856,9 @@ dependencies = [ [[package]] name = "num-derive" -version = "0.4.0" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9e6a0fd4f737c707bd9086cc16c925f294943eb62eb71499e9fd4cf71f8b9f4e" +checksum = "cfb77679af88f8b125209d354a202862602672222e7f2313fdd6dc349bad4712" dependencies = [ "proc-macro2", "quote", @@ -1860,9 +1877,9 @@ dependencies = [ [[package]] name = "num-traits" -version = "0.2.16" +version = "0.2.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f30b0abd723be7e2ffca1272140fac1a2f084c77ec3e123c192b66af1ee9e6c2" +checksum = "39e3200413f237f41ab11ad6d161bc7239c84dcb631773ccd7de3dfe4b5c267c" dependencies = [ "autocfg", ] @@ -2205,9 +2222,9 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.68" +version = "1.0.69" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b1106fec09662ec6dd98ccac0f81cef56984d0b49f75c92d8cbad76e20c005c" +checksum = "134c189feb4956b20f6f547d2cf727d4c0fe06722b20a0eec87ed445a97f92da" dependencies = [ "unicode-ident", ] 
@@ -2359,14 +2376,14 @@ dependencies = [ [[package]] name = "regex" -version = "1.9.6" +version = "1.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ebee201405406dbf528b8b672104ae6d6d63e6d118cb10e4d51abbc7b58044ff" +checksum = "d119d7c7ca818f8a53c300863d4f87566aac09943aef5b355bb83969dae75d87" dependencies = [ "aho-corasick", "memchr", - "regex-automata 0.3.9", - "regex-syntax 0.7.5", + "regex-automata 0.4.1", + "regex-syntax 0.8.0", ] [[package]] @@ -2380,13 +2397,13 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.3.9" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "59b23e92ee4318893fa3fe3e6fb365258efbfe6ac6ab30f090cdcbb7aa37efa9" +checksum = "465c6fc0621e4abc4187a2bda0937bfd4f722c2730b29562e19689ea796c9a4b" dependencies = [ "aho-corasick", "memchr", - "regex-syntax 0.7.5", + "regex-syntax 0.8.0", ] [[package]] @@ -2397,9 +2414,9 @@ checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1" [[package]] name = "regex-syntax" -version = "0.7.5" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dbb5fb1acd8a1a18b3dd5be62d25485eb770e05afb408a9627d14d451bae12da" +checksum = "c3cbb081b9784b07cceb8824c8583f86db4814d172ab043f3c23f7dc600bf83d" [[package]] name = "reopen" @@ -2637,14 +2654,14 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.17" +version = "0.38.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f25469e9ae0f3d0047ca8b93fc56843f38e6774f0914a107ff8b41be8be8e0b7" +checksum = "5a74ee2d7c2581cd139b42447d7d9389b889bdaad3a73f1ebb16f2a3237bb19c" dependencies = [ "bitflags 2.4.0", "errno", "libc", - "linux-raw-sys 0.4.8", + "linux-raw-sys 0.4.10", "windows-sys", ] 
@@ -2765,9 +2782,9 @@ dependencies = [ [[package]] name = "semver" -version = "1.0.19" +version = "1.0.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ad977052201c6de01a8ef2aa3378c4bd23217a056337d1d6da40468d267a4fb0" +checksum = "836fa6a3e1e547f9a2c4040802ec865b5d85f4014efe00555d7090a3dcaa1090" [[package]] name = "serde" @@ -2873,16 +2890,6 @@ dependencies = [ "lazy_static", ] -[[package]] -name = "signal-hook" -version = "0.3.17" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8621587d4798caf8eb44879d42e56b9a93ea5dcd315a6487c357130095b62801" -dependencies = [ - "libc", - "signal-hook-registry", -] - [[package]] name = "signal-hook-registry" version = "1.4.1" @@ -3052,7 +3059,7 @@ dependencies = [ "cfg-if", "fastrand 2.0.1", "redox_syscall", - "rustix 0.38.17", + "rustix 0.38.18", "windows-sys", ] @@ -3142,9 +3149,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tokio" -version = "1.32.0" +version = "1.33.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "17ed6077ed6cd6c74735e21f37eb16dc3935f96878b1fe961074089cc80893f9" +checksum = "4f38200e3ef7995e5ef13baec2f432a6da0aa9ac495b2c0e8f3b7eec2c92d653" dependencies = [ "backtrace", "bytes", @@ -3775,7 +3782,7 @@ dependencies = [ "either", "home", "once_cell", - "rustix 0.38.17", + "rustix 0.38.18", ] [[package]] diff --git a/Cargo.toml b/Cargo.toml index e272d752ca..8c279c0d21 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -51,8 +51,8 @@ dotenvy = { version = "0.15.7", default-features = false } once_cell = "1.18.0" # Numerical libraries -num-traits = "0.2.16" -num-derive = "0.4.0" +num-traits = "0.2.17" +num-derive = "0.4.1" # Web framework rocket = { version = "0.5.0-rc.3", features = ["tls", "json"], default-features = false } 
@@ -68,7 +68,7 @@ dashmap = "5.5.3" # Async futures futures = "0.3.28" -tokio = { version = "1.32.0", features = ["rt-multi-thread", "fs", "io-util", "parking_lot", "time", "signal"] } +tokio = { version = "1.33.0", features = ["rt-multi-thread", "fs", "io-util", "parking_lot", "time", "signal"] } # A generic serialization/deserialization framework serde = { version = "1.0.188", features = ["derive"] } @@ -128,7 +128,7 @@ reqwest = { version = "0.11.22", features = ["stream", "json", "deflate", "gzip" # Favicon extraction libraries html5gum = "0.5.7" -regex = { version = "1.9.6", features = ["std", "perf", "unicode-perl"], default-features = false } +regex = { version = "1.10.0", features = ["std", "perf", "unicode-perl"], default-features = false } data-url = "0.3.0" bytes = "1.5.0" @@ -153,7 +153,7 @@ paste = "1.0.14" governor = "0.6.0" # Check client versions for specific features. -semver = "1.0.19" +semver = "1.0.20" # Allow overriding the default memory allocator # Mainly used for the musl builds, since the default musl malloc is very slow diff --git a/docker/Dockerfile.alpine b/docker/Dockerfile.alpine index 77742c35b0..6bfe90ad35 100644 --- a/docker/Dockerfile.alpine +++ b/docker/Dockerfile.alpine @@ -73,7 +73,9 @@ COPY ./build.rs ./build.rs # Shared variables across Debian and Alpine RUN echo "export CARGO_TARGET=${RUST_MUSL_CROSS_TARGET}" >> /env-cargo && \ # To be able to build the armv6 image with mimalloc we need to tell the linker to also look for libatomic - if [[ "${TARGETARCH}${TARGETVARIANT}" == "armv6" ]] ; then echo "export RUSTFLAGS='-Clink-arg=-latomic'" >> /env-cargo ; fi + if [[ "${TARGETARCH}${TARGETVARIANT}" == "armv6" ]] ; then echo "export RUSTFLAGS='-Clink-arg=-latomic'" >> /env-cargo ; fi && \ + # Output the current contents of the file + cat /env-cargo # Enable MiMalloc to improve performance on Alpine builds ARG DB=sqlite,mysql,postgresql,enable_mimalloc 
diff --git a/docker/Dockerfile.debian b/docker/Dockerfile.debian index edeec27358..8607e63a3b 100644 --- a/docker/Dockerfile.debian +++ b/docker/Dockerfile.debian @@ -51,22 +51,28 @@ ENV DEBIAN_FRONTEND=noninteractive \ # Install clang to get `xx-cargo` working # Install pkg-config to allow amd64 builds to find all libraries +# Install the libc cross packages based upon the debian-arch RUN apt-get update && \ apt-get install -y \ --no-install-recommends \ - clang pkg-config + clang pkg-config \ + "libc6-$(xx-info debian-arch)-cross" \ + "libc6-dev-$(xx-info debian-arch)-cross" \ + "linux-libc-dev-$(xx-info debian-arch)-cross" && \ + # Run xx-cargo early, since it sometimes seems to break when run at a later stage + echo "export CARGO_TARGET=$(xx-cargo --print-target-triple)" >> /env-cargo RUN xx-apt-get install -y \ --no-install-recommends \ gcc \ - libc6-dev \ - linux-libc-dev \ - libmariadb-dev \ - libmariadb-dev-compat \ libmariadb3 \ libpq-dev \ libpq5 \ - libssl-dev + libssl-dev && \ + # Force install arch dependend mariadb dev packages + # Installing them the normal way breaks several other packages (again) + apt-get download "libmariadb-dev-compat:$(xx-info debian-arch)" "libmariadb-dev:$(xx-info debian-arch)" && \ + dpkg --force-all -i ./libmariadb-dev*.deb # Create CARGO_HOME folder and don't download rust docs RUN mkdir -pv "${CARGO_HOME}" \ 
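Review bot: The second RUN in this hunk installs the downloaded MariaDB dev packages with `dpkg --force-all -i ./libmariadb-dev*.deb`, which switches off every dpkg safety check (dependencies, conflicts, overwrites, architecture) rather than only the one that blocks the install. Narrow it to the specific override that is needed, probably `--force-depends` (to be confirmed against the failure being worked around), and name the two files instead of globbing, so that nothing else in the working directory is picked up. Removing the `.deb` files afterwards keeps them out of the layer. The same lines appear in the Dockerfile.j2 hunk further down; the template is where the change should be made.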
@@ -82,17 +88,19 @@ COPY ./rust-toolchain.toml ./rust-toolchain.toml COPY ./build.rs ./build.rs # Environment variables for cargo across Debian and Alpine -RUN echo "export CARGO_TARGET=$(xx-cargo --print-target-triple)" >> /env-cargo && \ +RUN source /env-cargo && \ if xx-info is-cross ; then \ # We can't use xx-cargo since that uses clang, which doesn't work for our libraries. # Because of this we generate the needed environment variables here which we can load in the needed steps. - echo "export CC_$(xx-cargo --print-target-triple | tr '[:upper:]' '[:lower:]' | tr - _)=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \ - echo "export CARGO_TARGET_$(xx-cargo --print-target-triple | tr '[:lower:]' '[:upper:]' | tr - _)_LINKER=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \ + echo "export CC_$(echo "${CARGO_TARGET}" | tr '[:upper:]' '[:lower:]' | tr - _)=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \ + echo "export CARGO_TARGET_$(echo "${CARGO_TARGET}" | tr '[:lower:]' '[:upper:]' | tr - _)_LINKER=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \ echo "export PKG_CONFIG=/usr/bin/$(xx-info)-pkg-config" >> /env-cargo && \ echo "export CROSS_COMPILE=1" >> /env-cargo && \ echo "export OPENSSL_INCLUDE_DIR=/usr/include/$(xx-info)" >> /env-cargo && \ echo "export OPENSSL_LIB_DIR=/usr/lib/$(xx-info)" >> /env-cargo ; \ - fi + fi && \ + # Output the current contents of the file + cat /env-cargo # Configure the DB ARG as late as possible to not invalidate the cached layers above ARG DB=sqlite,mysql,postgresql diff --git a/docker/Dockerfile.j2 b/docker/Dockerfile.j2 index 1a182116c2..5748850ee1 100644 --- a/docker/Dockerfile.j2 +++ b/docker/Dockerfile.j2 
@@ -69,22 +69,28 @@ ENV DEBIAN_FRONTEND=noninteractive \ # Install clang to get `xx-cargo` working # Install pkg-config to allow amd64 builds to find all libraries +# Install the libc cross packages based upon the debian-arch RUN apt-get update && \ apt-get install -y \ --no-install-recommends \ - clang pkg-config + clang pkg-config \ + "libc6-$(xx-info debian-arch)-cross" \ + "libc6-dev-$(xx-info debian-arch)-cross" \ + "linux-libc-dev-$(xx-info debian-arch)-cross" && \ + # Run xx-cargo early, since it sometimes seems to break when run at a later stage + echo "export CARGO_TARGET=$(xx-cargo --print-target-triple)" >> /env-cargo RUN xx-apt-get install -y \ --no-install-recommends \ gcc \ - libc6-dev \ - linux-libc-dev \ - libmariadb-dev \ - libmariadb-dev-compat \ libmariadb3 \ libpq-dev \ libpq5 \ - libssl-dev + libssl-dev && \ + # Force install arch dependend mariadb dev packages + # Installing them the normal way breaks several other packages (again) + apt-get download "libmariadb-dev-compat:$(xx-info debian-arch)" "libmariadb-dev:$(xx-info debian-arch)" && \ + dpkg --force-all -i ./libmariadb-dev*.deb {% endif %} # Create CARGO_HOME folder and don't download rust docs 
@@ -102,17 +108,19 @@ COPY ./build.rs ./build.rs {% if base == "debian" %} # Environment variables for cargo across Debian and Alpine -RUN echo "export CARGO_TARGET=$(xx-cargo --print-target-triple)" >> /env-cargo && \ +RUN source /env-cargo && \ if xx-info is-cross ; then \ # We can't use xx-cargo since that uses clang, which doesn't work for our libraries. # Because of this we generate the needed environment variables here which we can load in the needed steps. - echo "export CC_$(xx-cargo --print-target-triple | tr '[:upper:]' '[:lower:]' | tr - _)=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \ - echo "export CARGO_TARGET_$(xx-cargo --print-target-triple | tr '[:lower:]' '[:upper:]' | tr - _)_LINKER=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \ + echo "export CC_$(echo ${CARGO_TARGET} | tr '[:upper:]' '[:lower:]' | tr - _)=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \ + echo "export CARGO_TARGET_$(echo ${CARGO_TARGET} | tr '[:lower:]' '[:upper:]' | tr - _)_LINKER=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \ echo "export PKG_CONFIG=/usr/bin/$(xx-info)-pkg-config" >> /env-cargo && \ echo "export CROSS_COMPILE=1" >> /env-cargo && \ echo "export OPENSSL_INCLUDE_DIR=/usr/include/$(xx-info)" >> /env-cargo && \ echo "export OPENSSL_LIB_DIR=/usr/lib/$(xx-info)" >> /env-cargo ; \ - fi + fi && \ + # Output the current contents of the file + cat /env-cargo # Configure the DB ARG as late as possible to not invalidate the cached layers above ARG DB=sqlite,mysql,postgresql 
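Review bot: In the template, the two generated variable names use `$(echo ${CARGO_TARGET} | tr ...)` with the expansion unquoted, while the Dockerfile.debian hunk earlier in this patch has `$(echo "${CARGO_TARGET}" | tr ...)`. Since Dockerfile.debian is presumably rendered from Dockerfile.j2, the next render would silently drop the quotes, and the checked-in file no longer matches its source. Quote it in the template as well: `echo "export CC_$(echo "${CARGO_TARGET}" | tr '[:upper:]' '[:lower:]' | tr - _)=/usr/bin/$(xx-info)-gcc" >> /env-cargo`, and the same for the `CARGO_TARGET_..._LINKER` line. `source /env-cargo` is also a bashism, so this RUN relies on the build shell being bash, which would have to be set outside the hunk.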
@@ -120,7 +128,9 @@ ARG DB=sqlite,mysql,postgresql # Shared variables across Debian and Alpine RUN echo "export CARGO_TARGET=${RUST_MUSL_CROSS_TARGET}" >> /env-cargo && \ # To be able to build the armv6 image with mimalloc we need to tell the linker to also look for libatomic - if [[ "${TARGETARCH}${TARGETVARIANT}" == "armv6" ]] ; then echo "export RUSTFLAGS='-Clink-arg=-latomic'" >> /env-cargo ; fi + if [[ "${TARGETARCH}${TARGETVARIANT}" == "armv6" ]] ; then echo "export RUSTFLAGS='-Clink-arg=-latomic'" >> /env-cargo ; fi && \ + # Output the current contents of the file + cat /env-cargo # Enable MiMalloc to improve performance on Alpine builds ARG DB=sqlite,mysql,postgresql,enable_mimalloc diff --git a/docker/README.md b/docker/README.md index ad81e3b99e..314e8aa132 100644 --- a/docker/README.md +++ b/docker/README.md 
@@ -112,10 +112,10 @@ docker/bake.sh ## Variables supported | Variable | default | description | | --------------------- | ------------------ | ----------- | -| CARGO_PROFILE | null | Which cargo profile to use. `null` means what is defined in the Dockerfile | -| DB | null | Which `features` to build. `null` means what is defined in the Dockerfile | -| SOURCE_REPOSITORY_URL | null | The source repository form where this build is triggered | -| SOURCE_COMMIT | null | The commit hash of the current commit for this build | -| SOURCE_VERSION | null | The current exact tag of this commit, else the last tag and the first 8 chars of the source commit | -| BASE_TAGS | testing | Tags to be used. Can be a comma separated value like "latest,1.29.2" | +| CARGO_PROFILE | null | Which cargo profile to use. `null` means what is defined in the Dockerfile | +| DB | null | Which `features` to build. `null` means what is defined in the Dockerfile | +| SOURCE_REPOSITORY_URL | null | The source repository form where this build is triggered | +| SOURCE_COMMIT | null | The commit hash of the current commit for this build | +| SOURCE_VERSION | null | The current exact tag of this commit, else the last tag and the first 8 chars of the source commit | +| BASE_TAGS | testing | Tags to be used. Can be a comma separated value like "latest,1.29.2" | | CONTAINER_REGISTRIES | vaultwarden/server | Comma separated value of container registries. Like `ghcr.io/dani-garcia/vaultwarden,docker.io/vaultwarden/server` | From 79903d241b41befb04f4195fbdd37244b60cf6e9 Mon Sep 17 00:00:00 2001 
From: BlackDex Date: Thu, 19 Oct 2023 16:04:26 +0200 Subject: [PATCH 4/4] Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1 --- .github/workflows/build.yml | 34 +--- .github/workflows/release.yml | 1 + .pre-commit-config.yaml | 2 +- Cargo.lock | 335 ++++++++++++++++++++++------------ Cargo.toml | 18 +- Dockerfile | 2 +- docker/DockerSettings.yaml | 7 +- docker/Dockerfile.alpine | 37 ++-- docker/Dockerfile.debian | 42 +++-- docker/Dockerfile.j2 | 42 +++-- docker/Makefile | 1 + docker/README.md | 66 ++++++- docker/bake.sh | 20 +- docker/bake_env.sh | 33 ++++ docker/docker-bake.hcl | 34 +++- docker/healthcheck.sh | 2 +- docker/podman-bake.sh | 105 +++++++++++ 17 files changed, 552 insertions(+), 229 deletions(-) create mode 100644 docker/bake_env.sh create mode 100755 docker/podman-bake.sh diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 446b0fcef8..908a769f3c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -114,46 +114,46 @@ jobs: prefix-key: "v2023.07-rust" # End Enable Rust Caching - # Run cargo tests (In release mode to speed up future builds) + # Run cargo tests # First test all features together, afterwards test them separately. - name: "test features: sqlite,mysql,postgresql,enable_mimalloc" id: test_sqlite_mysql_postgresql_mimalloc if: $${{ always() }} run: | - cargo test --release --features sqlite,mysql,postgresql,enable_mimalloc + cargo test --features sqlite,mysql,postgresql,enable_mimalloc - name: "test features: sqlite,mysql,postgresql" id: test_sqlite_mysql_postgresql if: $${{ always() }} run: | - cargo test --release --features sqlite,mysql,postgresql + cargo test --features sqlite,mysql,postgresql - name: "test features: sqlite" id: test_sqlite if: $${{ always() }} run: | - cargo test --release --features sqlite + cargo test --features sqlite - name: "test features: mysql" id: test_mysql if: $${{ always() }} run: | - cargo test --release --features mysql + cargo test --features mysql - name: "test features: postgresql" id: test_postgresql if: $${{ always() }} run: | - cargo test --release --features postgresql + cargo test --features postgresql # End Run cargo tests - # Run cargo clippy, and fail on warnings (In release mode to speed up future builds) + # Run cargo clippy, and fail on warnings - name: "clippy features: sqlite,mysql,postgresql,enable_mimalloc" id: clippy if: ${{ always() && matrix.channel == 'rust-toolchain' }} run: | - cargo clippy --release --features sqlite,mysql,postgresql,enable_mimalloc -- -D warnings + cargo clippy --features sqlite,mysql,postgresql,enable_mimalloc -- -D warnings # End Run cargo clippy 
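Review bot: Nothing in the steps shown here builds or tests the release profile any more: `--release` is gone from every `cargo test` and from `cargo clippy`, and the next hunk also deletes the `cargo build --release` step. By default the release profile turns off debug assertions and overflow checks, so the binary that ships behaves differently from the one under test. The shortened comments (`# Run cargo tests`) no longer say which profile is intended or where the release profile is covered, which is presumably the container build, not visible here. I would make that explicit, e.g. `# Run cargo tests (debug profile; the release profile is only built in the container workflow)`. Separately, the test steps carry `if: $${{ always() }}` with a doubled `$` while the clippy step uses `${{ ... }}`; it appears to still evaluate truthy, but `if: ${{ always() }}` would remove the ambiguity.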
@@ -195,21 +195,3 @@ jobs: run: | echo "### :tada: Checks Passed!" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY - - - # Build the binary to upload to the artifacts - - name: "build features: sqlite,mysql,postgresql" - if: ${{ matrix.channel == 'rust-toolchain' }} - run: | - cargo build --release --features sqlite,mysql,postgresql - # End Build the binary - - # TODO: We should not upload these. We should extract Alpine build binaries from the containers and upload them - # # Upload artifact to Github Actions - # - name: "Upload artifact" - # uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 - # if: ${{ matrix.channel == 'rust-toolchain' }} - # with: - # name: vaultwarden - # path: target/release/vaultwarden - # # End Upload artifact to Github Actions diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 21c9d4c7a5..ae68bc1d76 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,6 +14,7 @@ on: branches: # Only on paths above - main + - release-build-revision tags: # Always, regardless of paths above - '*' diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 0d7abeb75b..39ce1cb556 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,7 +1,7 @@ --- repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.4.0 + rev: v4.5.0 hooks: - id: check-yaml - id: check-json diff --git a/Cargo.lock b/Cargo.lock index 1fe5792e84..7cb84d651e 100644 --- a/Cargo.lock +++ b/Cargo.lock 
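Review bot: A working branch, `release-build-revision`, is now in the release workflow's `branches:` trigger list next to `main` (release.yml hunk `@@ -14,6 +14,7`), and it looks like a testing leftover. The jobs are outside this hunk, but a release workflow normally runs with registry credentials and publishes images, so every push to that branch would get the same publishing path as `main`. I would drop the line before merging, or mark it clearly with `# TEMP: remove before merge - only for testing the new container build`. It is also worth confirming that runs from that branch cannot push the tags that `main` publishes.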
@@ -17,6 +17,17 @@ version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" +[[package]] +name = "ahash" +version = "0.7.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fcb51a0695d8f838b1ee009b3fbf66bda078cd64590202a864a8f3e8c4315c47" +dependencies = [ + "getrandom", + "once_cell", + "version_check", +] + [[package]] name = "ahash" version = "0.8.3" @@ -98,9 +109,9 @@ dependencies = [ [[package]] name = "async-compression" -version = "0.4.3" +version = "0.4.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bb42b2197bf15ccb092b62c74515dbd8b86d0effd934795f6687c93b6e679a2c" +checksum = "f658e2baef915ba0f26f1f7c42bfb8e12f532a01f449a090ded75ae7a07e9ba2" dependencies = [ "brotli", "flate2", @@ -112,9 +123,9 @@ dependencies = [ [[package]] name = "async-executor" -version = "1.5.4" +version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2c1da3ae8dabd9c00f453a329dfe1fb28da3c0a72e2478cdcd93171740c20499" +checksum = "4b0c4a4f319e45986f347ee47fef8bf5e81c9abc3f6f58dc2391439f30df65f0" dependencies = [ "async-lock", "async-task", @@ -153,9 +164,9 @@ dependencies = [ "log", "parking", "polling", - "rustix 0.37.24", + "rustix 0.37.26", "slab", - "socket2 0.4.9", + "socket2 0.4.10", "waker-fn", ] @@ -181,7 +192,7 @@ dependencies = [ "cfg-if", "event-listener 3.0.0", "futures-lite", - "rustix 0.38.18", + "rustix 0.38.20", "windows-sys", ] @@ -197,7 +208,7 @@ dependencies = [ "cfg-if", "futures-core", "futures-io", - "rustix 0.38.18", + "rustix 0.38.20", "signal-hook-registry", "slab", "windows-sys", 
@@ -254,15 +265,15 @@ dependencies = [ [[package]] name = "async-task" -version = "4.4.1" +version = "4.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b9441c6b2fe128a7c2bf680a44c34d0df31ce09e5b7e401fcca3faa483dbc921" +checksum = "b4eb2cdb97421e01129ccb49169d8279ed21e829929144f4a22a6e54ac549ca1" [[package]] name = "async-trait" -version = "0.1.73" +version = "0.1.74" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bc00ceb34980c03614e35a3a4e218276a0a824e911d07651cd0d858a51e8c0f0" +checksum = "a66537f1bb974b254c98ed142ff995236e81b9d0fe4db0575f46612cb15eb0f9" dependencies = [ "proc-macro2", "quote", @@ -343,9 +354,9 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" [[package]] name = "bitflags" -version = "2.4.0" +version = "2.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b4682ae6287fcf752ecaabbfcc7b6f9b72aa33933dc23a554d853aea8eea8635" +checksum = "327762f6e5a765692301e5bb513e0d9fef63be86bbc14528052b1cd3e6f03e07" [[package]] name = "blake2" @@ -432,12 +443,12 @@ version = "0.46.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8cead8ece0da6b744b2ad8ef9c58a4cdc7ef2921e60a6ddfb9eaaa86839b5fc5" dependencies = [ - "ahash", + "ahash 0.8.3", "async-trait", "cached_proc_macro", "cached_proc_macro_types", "futures", - "hashbrown 0.14.1", + "hashbrown 0.14.2", "instant", "once_cell", "thiserror", @@ -512,6 +523,16 @@ dependencies = [ "phf_codegen", ] +[[package]] +name = "chumsky" +version = "0.9.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "23170228b96236b5a7299057ac284a321457700bc8c41a4476052f0f4ba5349d" +dependencies = [ + "hashbrown 0.12.3", + "stacker", +] + [[package]] name = "concurrent-queue" version = "2.3.0" 
@@ -595,9 +616,9 @@ checksum = "e496a50fda8aacccc86d7529e2c1e0892dbd0f898a6b5645b5561b89c3210efa" [[package]] name = "cpufeatures" -version = "0.2.9" +version = "0.2.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a17b76ff3a4162b0b27f354a0c87015ddad39d35f9c0c36607a3bdd175dde1f1" +checksum = "3fbc60abd742b35f2492f808e1abbb83d45f72db402e14c55057edc9c7b1e9e4" dependencies = [ "libc", ] @@ -683,7 +704,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "978747c1d849a7d2ee5e8adc0159961c48fb7e5db2f06af6723b80123bb53856" dependencies = [ "cfg-if", - "hashbrown 0.14.1", + "hashbrown 0.14.2", "lock_api", "once_cell", "parking_lot_core", @@ -703,9 +724,12 @@ checksum = "41b319d1b62ffbd002e057f36bebd1f42b9f97927c9577461d855f3513c4289f" [[package]] name = "deranged" -version = "0.3.8" +version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f2696e8a945f658fd14dc3b87242e6b80cd0f36ff04ea560fa39082368847946" +checksum = "0f32d04922c60427da6f9fef14d042d9edddef64cb9d4ce0d64d0685fbeb1fd3" +dependencies = [ + "powerfmt", +] [[package]] name = "devise" @@ -733,7 +757,7 @@ version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "35b50dba0afdca80b187392b24f2499a88c336d5a8493e4b4ccfb608708be56a" dependencies = [ - "bitflags 2.4.0", + "bitflags 2.4.1", "proc-macro2", "proc-macro2-diagnostics", "quote", @@ -746,7 +770,7 @@ version = "2.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2268a214a6f118fce1838edba3d1561cf0e78d8de785475957a580a7f8c69d33" dependencies = [ - "bitflags 2.4.0", + "bitflags 2.4.1", "byteorder", "chrono", "diesel_derives", 
@@ -950,9 +974,9 @@ dependencies = [ [[package]] name = "flate2" -version = "1.0.27" +version = "1.0.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c6c98ee8095e9d1dcbf2fcc6d95acccb90d1c81db1e44725c6a984b1dbdfb010" +checksum = "46303f565772937ffe1d394a4fac6f411c6013172fadde9dcdb1e147a086940e" dependencies = [ "crc32fast", "miniz_oxide", @@ -1219,14 +1243,17 @@ name = "hashbrown" version = "0.12.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" +dependencies = [ + "ahash 0.7.6", +] [[package]] name = "hashbrown" -version = "0.14.1" +version = "0.14.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7dfda62a12f55daeae5015f81b0baea145391cb4520f86c248fc615d72640d12" +checksum = "f93e7192158dbcda357bdec5fb5788eebf8bbac027f3f33e719d29135ae84156" dependencies = [ - "ahash", + "ahash 0.8.3", "allocator-api2", ] @@ -1331,7 +1358,7 @@ dependencies = [ "httpdate", "itoa", "pin-project-lite", - "socket2 0.4.9", + "socket2 0.4.10", "tokio", "tower-service", "tracing", @@ -1353,16 +1380,16 @@ dependencies = [ [[package]] name = "iana-time-zone" -version = "0.1.57" +version = "0.1.58" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2fad5b825842d2b38bd206f3e81d6957625fd7f0a361e345c30e01a0ae2dd613" +checksum = "8326b86b6cff230b97d0d312a6c40a60726df3332e721f72a1b035f451663b20" dependencies = [ "android_system_properties", "core-foundation-sys", "iana-time-zone-haiku", "js-sys", "wasm-bindgen", - "windows", + "windows-core", ] [[package]] @@ -1429,7 +1456,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8adf3ddd720272c6ea8bf59463c04e0f93d0bbf7c5439b691bca2987e0270897" dependencies = [ "equivalent", - "hashbrown 0.14.1", + "hashbrown 0.14.2", ] [[package]] 
@@ -1464,7 +1491,7 @@ version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b58db92f96b720de98181bbbe63c831e87005ab460c1bf306eb2622b4707997f" dependencies = [ - "socket2 0.5.4", + "socket2 0.5.5", "widestring", "windows-sys", "winreg", @@ -1483,7 +1510,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cb0889898416213fab133e1d33a0e5858a48177452750691bde3666d0fdbaf8b" dependencies = [ "hermit-abi", - "rustix 0.38.18", + "rustix 0.38.20", "windows-sys", ] @@ -1521,13 +1548,13 @@ dependencies = [ [[package]] name = "jsonwebtoken" -version = "8.3.0" +version = "9.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6971da4d9c3aa03c3d8f3ff0f4155b534aad021292003895a469716b2a230378" +checksum = "1e863f95209c79b9b8b001c4b03463385f890a765dbc4e0802cb8d4177e3e410" dependencies = [ "base64 0.21.4", "pem", - "ring", + "ring 0.17.5", "serde", "serde_json", "simple_asn1", @@ -1550,31 +1577,33 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "lettre" -version = "0.10.4" +version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "76bd09637ae3ec7bd605b8e135e757980b3968430ff2b1a4a94fb7769e50166d" +checksum = "d47084ad58f99c26816d174702f60e873f861fcef3f9bd6075b4ad2dd72d07d5" dependencies = [ "async-std", "async-trait", "base64 0.21.4", + "chumsky", "email-encoding", "email_address", - "fastrand 1.9.0", + "fastrand 2.0.1", "futures-io", "futures-util", "hostname", "httpdate", - "idna 0.3.0", + "idna 0.4.0", "mime", "native-tls", "nom", "once_cell", "quoted_printable", "serde", - "socket2 0.4.9", + "socket2 0.5.5", "tokio", "tokio-native-tls", "tracing", + "url", ] [[package]] 
@@ -1624,9 +1653,9 @@ checksum = "da2479e8c062e40bf0066ffa0bc823de0a9368974af99c9f6df941d2c231e03f" [[package]] name = "lock_api" -version = "0.4.10" +version = "0.4.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c1cc9717a20b1bb222f333e6a92fd32f7d8a18ddc5a3191a11af45dcbf4dcd16" +checksum = "3c168f8615b12bc01f9c17e2eb0cc07dcae1940121185446edc3744920e8ef45" dependencies = [ "autocfg", "scopeguard", @@ -1924,7 +1953,7 @@ version = "0.10.57" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bac25ee399abb46215765b1cb35bc0212377e58a061560d8b29b024fd0430e7c" dependencies = [ - "bitflags 2.4.0", + "bitflags 2.4.1", "cfg-if", "foreign-types", "libc", @@ -1980,9 +2009,9 @@ checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39" [[package]] name = "parking" -version = "2.1.1" +version = "2.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e52c774a4c39359c1d1c52e43f73dd91a75a614652c825408eec30c95a9b2067" +checksum = "bb813b8af86854136c6922af0598d719255ecb2179515e6e7730d468f05c9cae" [[package]] name = "parking_lot" @@ -1996,13 +2025,13 @@ dependencies = [ [[package]] name = "parking_lot_core" -version = "0.9.8" +version = "0.9.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "93f00c865fe7cabf650081affecd3871070f26767e7b2070a3ffae14c654b447" +checksum = "4c42a9226546d68acdd9c0a280d17ce19bfe27a46bf68784e4066115788d008e" dependencies = [ "cfg-if", "libc", - "redox_syscall", + "redox_syscall 0.4.1", "smallvec", "windows-targets", ] @@ -2058,11 +2087,12 @@ dependencies = [ [[package]] name = "pem" -version = "1.1.1" +version = "3.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a8835c273a76a90455d7344889b0964598e3316e2a79ede8e36f16bdcf2228b8" +checksum = "3163d2912b7c3b52d651a055f2c7eec9ba5cd22d26ef75b8dd3a59980b185923" dependencies = [ - "base64 0.13.1", + "base64 0.21.4", + "serde", ] [[package]] 
@@ -2205,6 +2235,12 @@ dependencies = [ "windows-sys", ] +[[package]] +name = "powerfmt" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391" + [[package]] name = "ppv-lite86" version = "0.2.17" @@ -2248,6 +2284,15 @@ version = "2.0.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "33cb294fe86a74cbcf50d4445b37da762029549ebeea341421c7c70370f86cac" +[[package]] +name = "psm" +version = "0.1.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5787f7cda34e3033a72192c018bc5883100330f362ef279a8cbccfce8bb4e874" +dependencies = [ + "cc", +] + [[package]] name = "publicsuffix" version = "2.2.3" @@ -2291,9 +2336,9 @@ dependencies = [ [[package]] name = "quoted_printable" -version = "0.4.8" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a3866219251662ec3b26fc217e3e05bf9c4f84325234dfb96bf0bf840889e49" +checksum = "79ec282e887b434b68c18fe5c121d38e72a5cf35119b59e54ec5b992ea9c8eb0" [[package]] name = "r2d2" @@ -2354,6 +2399,15 @@ dependencies = [ "bitflags 1.3.2", ] +[[package]] +name = "redox_syscall" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4722d768eff46b75989dd134e5c353f0d6296e5aaa3132e776cbdb56be7731aa" +dependencies = [ + "bitflags 1.3.2", +] + [[package]] name = "ref-cast" version = "1.0.20" @@ -2376,14 +2430,14 @@ dependencies = [ [[package]] name = "regex" -version = "1.10.0" +version = "1.10.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d119d7c7ca818f8a53c300863d4f87566aac09943aef5b355bb83969dae75d87" +checksum = "380b951a9c5e80ddfd6136919eef32310721aa4aacd4889a8d39124b026ab343" dependencies = [ "aho-corasick", "memchr", - "regex-automata 0.4.1", - "regex-syntax 0.8.0", + "regex-automata 0.4.3", + "regex-syntax 0.8.2", ] [[package]] 
@@ -2397,13 +2451,13 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.4.1" +version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "465c6fc0621e4abc4187a2bda0937bfd4f722c2730b29562e19689ea796c9a4b" +checksum = "5f804c7828047e88b2d32e2d7fe5a105da8ee3264f01902f796c8e067dc2483f" dependencies = [ "aho-corasick", "memchr", - "regex-syntax 0.8.0", + "regex-syntax 0.8.2", ] [[package]] @@ -2414,9 +2468,9 @@ checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1" [[package]] name = "regex-syntax" -version = "0.8.0" +version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c3cbb081b9784b07cceb8824c8583f86db4814d172ab043f3c23f7dc600bf83d" +checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" [[package]] name = "reopen" @@ -2494,11 +2548,25 @@ dependencies = [ "libc", "once_cell", "spin 0.5.2", - "untrusted", + "untrusted 0.7.1", "web-sys", "winapi", ] +[[package]] +name = "ring" +version = "0.17.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fb0205304757e5d899b9c2e448b867ffd03ae7f988002e47cd24954391394d0b" +dependencies = [ + "cc", + "getrandom", + "libc", + "spin 0.9.8", + "untrusted 0.9.0", + "windows-sys", +] + [[package]] name = "rmp" version = "0.8.12" @@ -2640,9 +2708,9 @@ checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76" [[package]] name = "rustix" -version = "0.37.24" +version = "0.37.26" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4279d76516df406a8bd37e7dff53fd37d1a093f997a3c34a5c21658c126db06d" +checksum = "84f3f8f960ed3b5a59055428714943298bf3fa2d4a1d53135084e0544829d995" dependencies = [ "bitflags 1.3.2", "errno", 
@@ -2654,11 +2722,11 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.18" +version = "0.38.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a74ee2d7c2581cd139b42447d7d9389b889bdaad3a73f1ebb16f2a3237bb19c" +checksum = "67ce50cb2e16c2903e30d1cbccfd8387a74b9d4c938b6a4c5ec6cc7556f7a8a0" dependencies = [ - "bitflags 2.4.0", + "bitflags 2.4.1", "errno", "libc", "linux-raw-sys 0.4.10", @@ -2672,7 +2740,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cd8d6c9f025a446bc4d18ad9632e69aec8f287aa84499ee335599fabd20c3fd8" dependencies = [ "log", - "ring", + "ring 0.16.20", "rustls-webpki", "sct", ] @@ -2692,8 +2760,8 @@ version = "0.101.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3c7d5dece342910d9ba34d259310cae3e0154b873b35408b787b59bce53d34fe" dependencies = [ - "ring", - "untrusted", + "ring 0.16.20", + "untrusted 0.7.1", ] [[package]] @@ -2753,8 +2821,8 @@ version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4" dependencies = [ - "ring", - "untrusted", + "ring 0.16.20", + "untrusted 0.7.1", ] [[package]] @@ -2788,9 +2856,9 @@ checksum = "836fa6a3e1e547f9a2c4040802ec865b5d85f4014efe00555d7090a3dcaa1090" [[package]] name = "serde" -version = "1.0.188" +version = "1.0.189" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cf9e0fcba69a370eed61bcf2b728575f726b50b55cba78064753d708ddc7549e" +checksum = "8e422a44e74ad4001bdc8eede9a4570ab52f71190e9c076d14369f38b9200537" dependencies = [ "serde_derive", ] 
@@ -2807,9 +2875,9 @@ dependencies = [ [[package]] name = "serde_derive" -version = "1.0.188" +version = "1.0.189" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4eca7ac642d82aa35b60049a6eccb4be6be75e599bd2e9adb5f875a737654af2" +checksum = "1e48d1f918009ce3145511378cf68d613e3b3d9137d67272562080d68a2b32d5" dependencies = [ "proc-macro2", "quote", @@ -2890,6 +2958,16 @@ dependencies = [ "lazy_static", ] +[[package]] +name = "signal-hook" +version = "0.3.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8621587d4798caf8eb44879d42e56b9a93ea5dcd315a6487c357130095b62801" +dependencies = [ + "libc", + "signal-hook-registry", +] + [[package]] name = "signal-hook-registry" version = "1.4.1" @@ -2934,9 +3012,9 @@ checksum = "942b4a808e05215192e39f4ab80813e599068285906cc91aa64f923db842bd5a" [[package]] name = "socket2" -version = "0.4.9" +version = "0.4.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "64a4a911eed85daf18834cfaa86a79b7d266ff93ff5ba14005426219480ed662" +checksum = "9f7916fc008ca5542385b89a3d3ce689953c143e9304a9bf8beec1de48994c0d" dependencies = [ "libc", "winapi", @@ -2944,9 +3022,9 @@ dependencies = [ [[package]] name = "socket2" -version = "0.5.4" +version = "0.5.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4031e820eb552adee9295814c0ced9e5cf38ddf1e8b7d566d6de8e2538ea989e" +checksum = "7b5fac59a5cb5dd637972e5fca70daf0523c9067fcdc4842f053dae04a18f8e9" dependencies = [ "libc", "windows-sys", @@ -2973,6 +3051,19 @@ dependencies = [ "memchr", ] +[[package]] +name = "stacker" +version = "0.1.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c886bd4480155fd3ef527d45e9ac8dd7118a898a46530b7b94c3e21866259fce" +dependencies = [ + "cc", + "cfg-if", + "libc", + "psm", + "winapi", +] + [[package]] name = "state" version = "0.6.0" 
@@ -3058,25 +3149,25 @@ checksum = "cb94d2f3cc536af71caac6b6fcebf65860b347e7ce0cc9ebe8f70d3e521054ef" dependencies = [ "cfg-if", "fastrand 2.0.1", - "redox_syscall", - "rustix 0.38.18", + "redox_syscall 0.3.5", + "rustix 0.38.20", "windows-sys", ] [[package]] name = "thiserror" -version = "1.0.49" +version = "1.0.50" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1177e8c6d7ede7afde3585fd2513e611227efd6481bd78d2e82ba1ce16557ed4" +checksum = "f9a7210f5c9a7156bb50aa36aed4c95afb51df0df00713949448cf9e97d382d2" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.49" +version = "1.0.50" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "10712f02019e9288794769fba95cd6847df9874d49d871d062172f9dd41bc4cc" +checksum = "266b2e40bc00e5a6c09c3584011e08b06f123c00362c92b975ba9843aaaa14b8" dependencies = [ "proc-macro2", "quote", @@ -3104,14 +3195,15 @@ dependencies = [ [[package]] name = "time" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "426f806f4089c493dcac0d24c29c01e2c38baf8e30f1b716ee37e83d200b18fe" +checksum = "c4a34ab300f2dee6e562c10a046fc05e358b29f9bf92277f30c3c8d82275f6f5" dependencies = [ "deranged", "itoa", "libc", "num_threads", + "powerfmt", "serde", "time-core", "time-macros", @@ -3161,7 +3253,7 @@ dependencies = [ "parking_lot", "pin-project-lite", "signal-hook-registry", - "socket2 0.5.4", + "socket2 0.5.5", "tokio-macros", "windows-sys", ] 
@@ -3325,11 +3417,10 @@ checksum = "b6bc1c9ce2b5135ac7f93c72918fc37feb872bdc6a5533a8b85eb4b86bfdae52" [[package]] name = "tracing" -version = "0.1.37" +version = "0.1.40" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ce8c33a8d48bd45d624a6e523445fd21ec13d3653cd51f681abf67418f54eb8" +checksum = "c3523ab5a71916ccf420eebdf5521fcef02141234bbc0b8a49f2fdc4544364ef" dependencies = [ - "cfg-if", "log", "pin-project-lite", "tracing-attributes", @@ -3338,9 +3429,9 @@ dependencies = [ [[package]] name = "tracing-attributes" -version = "0.1.26" +version = "0.1.27" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f4f31f56159e98206da9efd823404b79b6ef3143b4a7ab76e67b1751b25a4ab" +checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" dependencies = [ "proc-macro2", "quote", @@ -3349,9 +3440,9 @@ dependencies = [ [[package]] name = "tracing-core" -version = "0.1.31" +version = "0.1.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0955b8137a1df6f1a2e9a37d8a6656291ff0297c1a97c24e0d8425fe2312f79a" +checksum = "c06d3da6113f116aaee68e4d601191614c9053067f9ab7f6edbcb161237daa54" dependencies = [ "once_cell", "valuable", @@ -3388,9 +3479,9 @@ dependencies = [ [[package]] name = "trust-dns-proto" -version = "0.23.0" +version = "0.23.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0dc775440033cb114085f6f2437682b194fa7546466024b1037e82a48a052a69" +checksum = "559ac980345f7f5020883dd3bcacf176355225e01916f8c2efecad7534f682c6" dependencies = [ "async-trait", "cfg-if", @@ -3413,9 +3504,9 @@ dependencies = [ [[package]] name = "trust-dns-resolver" -version = "0.23.0" +version = "0.23.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2dff7aed33ef3e8bf2c9966fccdfed93f93d46f432282ea875cd66faabc6ef2f" +checksum = "c723b0e608b24ad04c73b2607e0241b2c98fd79795a95e98b068b6966138a29d" dependencies = [ "cfg-if", "futures-util", 
@@ -3521,6 +3612,12 @@ version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" +[[package]] +name = "untrusted" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" + [[package]] name = "url" version = "2.4.1" @@ -3541,9 +3638,9 @@ checksum = "09cc8ee72d2a9becf2f2febe0205bbed8fc6615b7cb429ad062dc7b7ddd036a9" [[package]] name = "uuid" -version = "1.4.1" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "79daa5ed5740825c40b389c5e50312b9c86df53fccd33f281df655642b43869d" +checksum = "88ad59a7560b41a70d191093a945f0b87bc1deeda46fb237479708a1d6b6cdfc" dependencies = [ "getrandom", ] @@ -3556,9 +3653,9 @@ checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d" [[package]] name = "value-bag" -version = "1.4.1" +version = "1.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d92ccd67fb88503048c01b59152a04effd0782d035a83a6d256ce6085f08f4a3" +checksum = "4a72e1902dde2bd6441347de2b70b7f5d59bf157c6c62f0c44572607a1d55bbe" [[package]] name = "vaultwarden" @@ -3601,7 +3698,7 @@ dependencies = [ "rand", "regex", "reqwest", - "ring", + "ring 0.17.5", "rmpv", "rocket", "rocket_ws", @@ -3775,14 +3872,15 @@ dependencies = [ [[package]] name = "which" -version = "4.4.2" +version = "5.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7" +checksum = "9bf3ea8596f3a0dd5980b46430f2058dfe2c36a27ccfbb1845d6fbfcd9ba6e14" dependencies = [ "either", "home", "once_cell", - "rustix 0.38.18", + "rustix 0.38.20", + "windows-sys", ] [[package]] 
@@ -3831,6 +3929,15 @@ dependencies = [ "windows-targets", ] +[[package]] +name = "windows-core" +version = "0.51.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f1f8cf84f35d2db49a46868f947758c7a1138116f7fac3bc844f43ade1292e64" +dependencies = [ + "windows-targets", +] + [[package]] name = "windows-sys" version = "0.48.0" @@ -3899,9 +4006,9 @@ checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" [[package]] name = "winnow" -version = "0.5.16" +version = "0.5.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "037711d82167854aff2018dfd193aa0fef5370f456732f0d5a0c59b0f1b4b907" +checksum = "a3b801d0e0a6726477cc207f60162da452f3a95adb368399bef20a946e06f65c" dependencies = [ "memchr", ] diff --git a/Cargo.toml b/Cargo.toml index 8c279c0d21..ecb7f91746 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -42,7 +42,7 @@ syslog = "6.1.0" # Logging log = "0.4.20" fern = { version = "0.6.2", features = ["syslog-6", "reopen-1"] } -tracing = { version = "0.1.37", features = ["log"] } # Needed to have lettre and webauthn-rs trace logging to work +tracing = { version = "0.1.40", features = ["log"] } # Needed to have lettre and webauthn-rs trace logging to work # A `dotenv` implementation for Rust dotenvy = { version = "0.15.7", default-features = false } @@ -71,7 +71,7 @@ futures = "0.3.28" tokio = { version = "1.33.0", features = ["rt-multi-thread", "fs", "io-util", "parking_lot", "time", "signal"] } # A generic serialization/deserialization framework -serde = { version = "1.0.188", features = ["derive"] } +serde = { version = "1.0.189", features = ["derive"] } serde_json = "1.0.107" # A safe, extensible ORM and Query builder 
@@ -84,15 +84,15 @@ libsqlite3-sys = { version = "0.26.0", features = ["bundled"], optional = true } # Crypto-related libraries rand = { version = "0.8.5", features = ["small_rng"] } -ring = "0.16.20" +ring = "0.17.5" # UUID generation -uuid = { version = "1.4.1", features = ["v4"] } +uuid = { version = "1.5.0", features = ["v4"] } # Date and time libraries chrono = { version = "0.4.31", features = ["clock", "serde"], default-features = false } chrono-tz = "0.8.3" -time = "0.3.29" +time = "0.3.30" # Job scheduler job_scheduler_ng = "2.0.4" @@ -101,7 +101,7 @@ job_scheduler_ng = "2.0.4" data-encoding = "2.4.0" # JWT library -jsonwebtoken = "8.3.0" +jsonwebtoken = "9.0.0" # TOTP library totp-lite = "2.0.0" @@ -116,7 +116,7 @@ webauthn-rs = "0.3.2" url = "2.4.1" # Email libraries -lettre = { version = "0.10.4", features = ["smtp-transport", "sendmail-transport", "builder", "serde", "tokio1-native-tls", "hostname", "tracing", "tokio1"], default-features = false } +lettre = { version = "0.11.0", features = ["smtp-transport", "sendmail-transport", "builder", "serde", "tokio1-native-tls", "hostname", "tracing", "tokio1"], default-features = false } percent-encoding = "2.3.0" # URL encoding library used for URL's in the emails email_address = "0.2.4" @@ -128,7 +128,7 @@ reqwest = { version = "0.11.22", features = ["stream", "json", "deflate", "gzip" # Favicon extraction libraries html5gum = "0.5.7" -regex = { version = "1.10.0", features = ["std", "perf", "unicode-perl"], default-features = false } +regex = { version = "1.10.2", features = ["std", "perf", "unicode-perl"], default-features = false } data-url = "0.3.0" bytes = "1.5.0" 
@@ -158,7 +158,7 @@ semver = "1.0.20" # Allow overriding the default memory allocator # Mainly used for the musl builds, since the default musl malloc is very slow mimalloc = { version = "0.1.39", features = ["secure"], default-features = false, optional = true } -which = "4.4.2" +which = "5.0.0" # Argon2 library with support for the PHC format argon2 = "0.5.2" diff --git a/Dockerfile b/Dockerfile index c99d6e504e..e4ce2a8130 120000 --- a/Dockerfile +++ b/Dockerfile @@ -1 +1 @@ -docker/amd64/Dockerfile \ No newline at end of file +docker/Dockerfile.debian \ No newline at end of file diff --git a/docker/DockerSettings.yaml b/docker/DockerSettings.yaml index 2ad1eb1460..908f972131 100644 --- a/docker/DockerSettings.yaml +++ b/docker/DockerSettings.yaml @@ -1,6 +1,9 @@ --- -vault_version: "v2023.8.2" -vault_image_digest: "sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252" +vault_version: "v2023.9.1" +vault_image_digest: "sha256:ccf76db7406378b36cb937c1a3ca884448e32e7f82effd4d97b335cd725c75fd" +# Cross Compile Docker Helper Scripts v1.3.0 +# We use the linux/amd64 platform shell scripts since there is no difference between the different platform scripts +xx_image_digest: "sha256:c9609ace652bbe51dd4ce90e0af9d48a4590f1214246da5bc70e46f6dd586edc" rust_version: 1.73.0 # Rust version to be used debian_version: bookworm # Debian release name to be used alpine_version: 3.18 # Alpine version to be used diff --git a/docker/Dockerfile.alpine b/docker/Dockerfile.alpine index 6bfe90ad35..8a8332f080 100644 --- a/docker/Dockerfile.alpine +++ b/docker/Dockerfile.alpine 
@@ -18,15 +18,15 @@ # - From https://hub.docker.com/r/vaultwarden/web-vault/tags, # click the tag name to view the digest of the image it currently points to. # - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] +# $ docker pull docker.io/vaultwarden/web-vault:v2023.9.1 +# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.9.1 +# [docker.io/vaultwarden/web-vault@sha256:ccf76db7406378b36cb937c1a3ca884448e32e7f82effd4d97b335cd725c75fd] # # - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] +# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:ccf76db7406378b36cb937c1a3ca884448e32e7f82effd4d97b335cd725c75fd +# [docker.io/vaultwarden/web-vault:v2023.9.1] # -FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault +FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@sha256:ccf76db7406378b36cb937c1a3ca884448e32e7f82effd4d97b335cd725c75fd as vault ########################## ALPINE BUILD IMAGES ########################## ## NOTE: The Alpine Base Images do not support other platforms then linux/amd64 
@@ -65,11 +65,6 @@ RUN mkdir -pv "${CARGO_HOME}" \ RUN USER=root cargo new --bin /app WORKDIR /app -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - # Shared variables across Debian and Alpine RUN echo "export CARGO_TARGET=${RUST_MUSL_CROSS_TARGET}" >> /env-cargo && \ # To be able to build the armv6 image with mimalloc we need to tell the linker to also look for libatomic @@ -84,6 +79,12 @@ RUN source /env-cargo && \ rustup target add "${CARGO_TARGET}" ARG CARGO_PROFILE=release +ARG VW_VERSION + +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain.toml ./rust-toolchain.toml +COPY ./build.rs ./build.rs # Builds your dependencies and removes the # dummy project, except the target folder @@ -113,7 +114,7 @@ RUN source /env-cargo && \ # Create a new stage with a minimal image # because we already have a binary built # -# For these images to be able to built you need to have qemu binfmt support. +# To build these images you need to have qemu binfmt support. # See the following pages to help install these tools locally # Ubuntu/Debian: https://wiki.debian.org/QemuUserEmulation # Arch Linux: https://wiki.archlinux.org/title/QEMU#Chrooting_into_arm/arm64_environment_from_x86_64 @@ -123,7 +124,9 @@ RUN source /env-cargo && \ # See: https://github.com/tonistiigi/binfmt # Usage: docker run --privileged --rm tonistiigi/binfmt --install arm64,arm # To uninstall: docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*' -FROM docker.io/library/alpine:3.18 +# +# We need to add `--platform` here, because of a podman bug: https://github.com/containers/buildah/issues/4742 +FROM --platform=$TARGETPLATFORM docker.io/library/alpine:3.18 ENV ROCKET_PROFILE="release" \ ROCKET_ADDRESS=0.0.0.0 \ 
@@ -133,10 +136,10 @@ ENV ROCKET_PROFILE="release" \ # Create data folder and Install needed libraries RUN mkdir /data && \ apk --no-cache add \ - ca-certificates \ - curl \ - openssl \ - tzdata + ca-certificates \ + curl \ + openssl \ + tzdata VOLUME /data EXPOSE 80 diff --git a/docker/Dockerfile.debian b/docker/Dockerfile.debian index 8607e63a3b..6d4522a74a 100644 --- a/docker/Dockerfile.debian +++ b/docker/Dockerfile.debian 
@@ -18,18 +18,20 @@ # - From https://hub.docker.com/r/vaultwarden/web-vault/tags, # click the tag name to view the digest of the image it currently points to. # - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] +# $ docker pull docker.io/vaultwarden/web-vault:v2023.9.1 +# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.9.1 +# [docker.io/vaultwarden/web-vault@sha256:ccf76db7406378b36cb937c1a3ca884448e32e7f82effd4d97b335cd725c75fd] # # - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] +# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:ccf76db7406378b36cb937c1a3ca884448e32e7f82effd4d97b335cd725c75fd +# [docker.io/vaultwarden/web-vault:v2023.9.1] # -FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault +FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@sha256:ccf76db7406378b36cb937c1a3ca884448e32e7f82effd4d97b335cd725c75fd as vault ########################## Cross Compile Docker Helper Scripts ########################## -FROM --platform=$BUILDPLATFORM docker.io/tonistiigi/xx:master AS xx +## We use the linux/amd64 no matter which Build Platform, since these are all bash scripts +## And these bash scripts do not have any significant difference if at all +FROM --platform=linux/amd64 docker.io/tonistiigi/xx@sha256:c9609ace652bbe51dd4ce90e0af9d48a4590f1214246da5bc70e46f6dd586edc AS xx ########################## BUILD IMAGE ########################## # hadolint 
ignore=DL3006 @@ -51,11 +53,14 @@ ENV DEBIAN_FRONTEND=noninteractive \ # Install clang to get `xx-cargo` working # Install pkg-config to allow amd64 builds to find all libraries +# Install git so build.rs can determine the correct version # Install the libc cross packages based upon the debian-arch RUN apt-get update && \ apt-get install -y \ --no-install-recommends \ - clang pkg-config \ + clang \ + pkg-config \ + git \ "libc6-$(xx-info debian-arch)-cross" \ "libc6-dev-$(xx-info debian-arch)-cross" \ "linux-libc-dev-$(xx-info debian-arch)-cross" && \ @@ -82,11 +87,6 @@ RUN mkdir -pv "${CARGO_HOME}" \ RUN USER=root cargo new --bin /app WORKDIR /app -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - # Environment variables for cargo across Debian and Alpine RUN source /env-cargo && \ if xx-info is-cross ; then \ @@ -109,6 +109,12 @@ RUN source /env-cargo && \ rustup target add "${CARGO_TARGET}" ARG CARGO_PROFILE=release +ARG VW_VERSION + +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain.toml ./rust-toolchain.toml +COPY ./build.rs ./build.rs # Builds your dependencies and removes the # dummy project, except the target folder @@ -138,7 +144,7 @@ RUN source /env-cargo && \ # Create a new stage with a minimal image # because we already have a binary built # -# For these images to be able to built you need to have qemu binfmt support. +# To build these images you need to have qemu binfmt support. # See the following pages to help install these tools locally # Ubuntu/Debian: https://wiki.debian.org/QemuUserEmulation # Arch Linux: https://wiki.archlinux.org/title/QEMU#Chrooting_into_arm/arm64_environment_from_x86_64 
@@ -148,7 +154,9 @@ RUN source /env-cargo && \ # See: https://github.com/tonistiigi/binfmt # Usage: docker run --privileged --rm tonistiigi/binfmt --install arm64,arm # To uninstall: docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*' -FROM docker.io/library/debian:bookworm-slim +# +# We need to add `--platform` here, because of a podman bug: https://github.com/containers/buildah/issues/4742 +FROM --platform=$TARGETPLATFORM docker.io/library/debian:bookworm-slim ENV ROCKET_PROFILE="release" \ ROCKET_ADDRESS=0.0.0.0 \ @@ -164,8 +172,8 @@ RUN mkdir /data && \ libmariadb-dev-compat \ libpq5 \ openssl && \ - apt-get clean && \ - rm -rf /var/lib/apt/lists/* + apt-get clean && \ + rm -rf /var/lib/apt/lists/* VOLUME /data EXPOSE 80 diff --git a/docker/Dockerfile.j2 b/docker/Dockerfile.j2 index 5748850ee1..7fa39bfbc2 100644 --- a/docker/Dockerfile.j2 +++ b/docker/Dockerfile.j2 @@ -30,7 +30,9 @@ FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@{{ vault_image_diges {% if base == "debian" %} ########################## Cross Compile Docker Helper Scripts ########################## -FROM --platform=$BUILDPLATFORM docker.io/tonistiigi/xx:master AS xx +## We use the linux/amd64 no matter which Build Platform, since these are all bash scripts +## And these bash scripts do not have any significant difference if at all +FROM --platform=linux/amd64 docker.io/tonistiigi/xx@{{ xx_image_digest }} AS xx {% elif base == "alpine" %} ########################## ALPINE BUILD IMAGES ########################## ## NOTE: The Alpine Base Images do not support other platforms then linux/amd64 
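Review bot: The `xx` stage in the last hunk here (Dockerfile.j2, `FROM --platform=linux/amd64 docker.io/tonistiigi/xx@{{ xx_image_digest }} AS xx`) is now pinned by digest, but the added comment only explains the platform choice; nothing in the template says which release the digest belongs to or how to re-check it. The web-vault pin in the rendered Dockerfiles records both the tag and the `docker image inspect` steps, and the xx pin should get the same treatment so that a digest bump can be reviewed rather than trusted. I would add `## Digest of the xx release noted next to xx_image_digest in DockerSettings.yaml; confirm it with "docker buildx imagetools inspect" before changing it` above the FROM line. The same applies to the rendered Dockerfile.debian hunk earlier on the page.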
@@ -69,11 +71,14 @@ ENV DEBIAN_FRONTEND=noninteractive \ # Install clang to get `xx-cargo` working # Install pkg-config to allow amd64 builds to find all libraries +# Install git so build.rs can determine the correct version # Install the libc cross packages based upon the debian-arch RUN apt-get update && \ apt-get install -y \ --no-install-recommends \ - clang pkg-config \ + clang \ + pkg-config \ + git \ "libc6-$(xx-info debian-arch)-cross" \ "libc6-dev-$(xx-info debian-arch)-cross" \ "linux-libc-dev-$(xx-info debian-arch)-cross" && \ @@ -101,19 +106,14 @@ RUN mkdir -pv "${CARGO_HOME}" \ RUN USER=root cargo new --bin /app WORKDIR /app -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - {% if base == "debian" %} # Environment variables for cargo across Debian and Alpine RUN source /env-cargo && \ if xx-info is-cross ; then \ # We can't use xx-cargo since that uses clang, which doesn't work for our libraries. # Because of this we generate the needed environment variables here which we can load in the needed steps. - echo "export CC_$(echo ${CARGO_TARGET} | tr '[:upper:]' '[:lower:]' | tr - _)=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \ - echo "export CARGO_TARGET_$(echo ${CARGO_TARGET} | tr '[:lower:]' '[:upper:]' | tr - _)_LINKER=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \ + echo "export CC_$(echo "${CARGO_TARGET}" | tr '[:upper:]' '[:lower:]' | tr - _)=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \ + echo "export CARGO_TARGET_$(echo "${CARGO_TARGET}" | tr '[:lower:]' '[:upper:]' | tr - _)_LINKER=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \ echo "export PKG_CONFIG=/usr/bin/$(xx-info)-pkg-config" >> /env-cargo && \ echo "export CROSS_COMPILE=1" >> /env-cargo && \ echo "export OPENSSL_INCLUDE_DIR=/usr/include/$(xx-info)" >> /env-cargo && \ 
@@ -140,6 +140,12 @@ RUN source /env-cargo && \ rustup target add "${CARGO_TARGET}" ARG CARGO_PROFILE=release +ARG VW_VERSION + +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain.toml ./rust-toolchain.toml +COPY ./build.rs ./build.rs # Builds your dependencies and removes the # dummy project, except the target folder @@ -169,7 +175,7 @@ RUN source /env-cargo && \ # Create a new stage with a minimal image # because we already have a binary built # -# For these images to be able to built you need to have qemu binfmt support. +# To build these images you need to have qemu binfmt support. # See the following pages to help install these tools locally # Ubuntu/Debian: https://wiki.debian.org/QemuUserEmulation # Arch Linux: https://wiki.archlinux.org/title/QEMU#Chrooting_into_arm/arm64_environment_from_x86_64 @@ -179,7 +185,9 @@ RUN source /env-cargo && \ # See: https://github.com/tonistiigi/binfmt # Usage: docker run --privileged --rm tonistiigi/binfmt --install arm64,arm # To uninstall: docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*' -FROM {{ runtime_stage_image[base] }} +# +# We need to add `--platform` here, because of a podman bug: https://github.com/containers/buildah/issues/4742 +FROM --platform=$TARGETPLATFORM {{ runtime_stage_image[base] }} ENV ROCKET_PROFILE="release" \ ROCKET_ADDRESS=0.0.0.0 \ @@ -200,14 +208,14 @@ RUN mkdir /data && \ libmariadb-dev-compat \ libpq5 \ openssl && \ - apt-get clean && \ - rm -rf /var/lib/apt/lists/* + apt-get clean && \ + rm -rf /var/lib/apt/lists/* {% elif base == "alpine" %} apk --no-cache add \ - ca-certificates \ - curl \ - openssl \ - tzdata + ca-certificates \ + curl \ + openssl \ + tzdata {% endif %} VOLUME /data diff --git a/docker/Makefile b/docker/Makefile index 74c4bae551..e8c0760a5e 100644 --- a/docker/Makefile +++ b/docker/Makefile 
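Review bot: `ARG VW_VERSION` in the first hunk here is declared above the dependency-only build step, so every `RUN` after it sees the value in its environment. As far as I can tell, a changed version string will then miss the cache for the dependency layer that the dummy-project step exists to keep. If only the final build of the real sources needs the version, move the `ARG VW_VERSION` line to directly before that final build `RUN`. That step is outside this hunk, and build.rs is also copied in before the dependency build, so the exact position needs checking against the full template. The rendered Dockerfile.debian and Dockerfile.alpine hunks carry the same ordering.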
@@ -1,3 +1,4 @@ all: ./render_template Dockerfile.j2 '{"base": "debian"}' > Dockerfile.debian ./render_template Dockerfile.j2 '{"base": "alpine"}' > Dockerfile.alpine +.PHONY: all diff --git a/docker/README.md b/docker/README.md index 314e8aa132..3c74043c02 100644 --- a/docker/README.md +++ b/docker/README.md @@ -1,7 +1,7 @@ # Vaultwarden Container Building To build and release new testing and stable releases of Vaultwarden we use `docker buildx bake`.
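Review bot: Both recipe lines of `all` redirect straight into the checked-in Dockerfiles, so a failing `./render_template` leaves Dockerfile.debian or Dockerfile.alpine truncated, and because `all` is phony nothing removes the partial file. Rendering to a temporary name and renaming on success avoids building an image from a half-written file: `./render_template Dockerfile.j2 '{"base": "debian"}' > Dockerfile.debian.tmp && mv -f Dockerfile.debian.tmp Dockerfile.debian`, and the same for alpine. The added `.PHONY: all` is correct; it is conventionally placed above the rule it describes.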
-This can be used locally by running the command your self, but it is also used by GitHub Actions. +This can be used locally by running the command yourself, but it is also used by GitHub Actions. This makes it easier for us to test and maintain the different architectures we provide.
We also just have two Dockerfile's one for Debian and one for Alpine based images.
@@ -67,7 +67,7 @@ docker buildx bake --file docker/docker-bake.hcl alpine-armv6 ## Local Multi Architecture container building -Start the the initialization, this only needs to be done once. +Start the initialization, this only needs to be done once. ```bash # Create and use a new buildx builder instance which connects to the host network @@ -92,6 +92,7 @@ CONTAINER_REGISTRIES="localhost:5000/vaultwarden/server" \ docker buildx bake --file docker/docker-bake.hcl alpine-multi ``` + ## Using the `bake.sh` script To make it a bit more easier to trigger a build, there also is a `bake.sh` script.
@@ -109,6 +110,66 @@ Or if you want to just build a Debian container from the repo root, you can run docker/bake.sh ``` +You can append both `alpine` and `debian` with `-amd64`, `-arm64`, `-armv7` or `-armv6`, which will trigger a build for that specific platform.
+This will also append those values to the tag so you can see the builded container when running `docker images`. + +You can also append extra arguments after the target if you want. This can be useful for example to print what bake will use. +```bash +docker/bake.sh alpine-all --print +``` + +### Testing baked images + +To test these images you can run these images by using the correct tag and provide the platform.
+For example, after you have build an arm64 image via `./bake.sh debian-arm64` you can run: +```bash +docker run --rm -it \ + -e DISABLE_ADMIN_TOKEN=true \ + -e I_REALLY_WANT_VOLATILE_STORAGE=true \ + -p8080:80 --platform=linux/arm64 \ + vaultwarden/server:testing-arm64 +``` + + +## Using the `podman-bake.sh` script + +To also make building easier using podman, there is a `podman-bake.sh` script.
+This script calls `podman buildx build` with the needed parameters and the same as `bake.sh`, it will generate some variables automatically.
+This script can be called from both the repo root or within the docker directory. + +**NOTE:** Unlike the `bake.sh` script, this only supports a single `CONTAINER_REGISTRIES`, and a single `BASE_TAGS` value, no comma separated values. It also only supports building separate architectures, no Multi Arch containers. + +To build an Alpine arm64 image with only sqlite support and mimalloc, run this: +```bash +DB="sqlite,enable_mimalloc" \ +./podman-bake.sh alpine-arm64 +``` + +Or if you want to just build a Debian container from the repo root, you can run this. +```bash +docker/podman-bake.sh +``` + +You can append extra arguments after the target if you want. This can be useful for example to disable cache like this. +```bash +./podman-bake.sh alpine-arm64 --no-cache +``` + +For the podman builds you can, just like the `bake.sh` script, also append the architecture to build for that specific platform.
+ +### Testing podman builded images + +The command to start a podman built container is almost the same as for the docker/bake built containers. The images start with `localhost/`, so you need to prepend that. + +```bash +podman run --rm -it \ + -e DISABLE_ADMIN_TOKEN=true \ + -e I_REALLY_WANT_VOLATILE_STORAGE=true \ + -p8080:80 --platform=linux/arm64 \ + localhost/vaultwarden/server:testing-arm64 +``` + + ## Variables supported | Variable | default | description | | --------------------- | ------------------ | ----------- | @@ -119,3 +180,4 @@ docker/bake.sh | SOURCE_VERSION | null | The current exact tag of this commit, else the last tag and the first 8 chars of the source commit | | BASE_TAGS | testing | Tags to be used. Can be a comma separated value like "latest,1.29.2" | | CONTAINER_REGISTRIES | vaultwarden/server | Comma separated value of container registries. Like `ghcr.io/dani-garcia/vaultwarden,docker.io/vaultwarden/server` | +| VW_VERSION | null | To override the `SOURCE_VERSION` value. This is also used by the `build.rs` code for example | diff --git a/docker/bake.sh b/docker/bake.sh index fa10179d71..8aeac2fb1d 100755 --- a/docker/bake.sh +++ b/docker/bake.sh 
@@ -1,25 +1,15 @@ -#!/usr/bin/env sh +#!/usr/bin/env bash # Determine the basedir of this script. # It should be located in the same directory as the docker-bake.hcl # This ensures you can run this script from both inside and outside of the docker directory BASEDIR=$(RL=$(readlink -n "$0"); SP="${RL:-$0}"; dirname "$(cd "$(dirname "${SP}")" || exit; pwd)/$(basename "${SP}")") -if [ -z "${SOURCE_COMMIT}" ]; then - SOURCE_COMMIT="$(git rev-parse HEAD)" -fi +# Load build env's +source "${BASEDIR}/bake_env.sh" -GIT_EXACT_TAG="$(git describe --tags --abbrev=0 --exact-match 2>/dev/null)" -if [ -n "${GIT_EXACT_TAG}" ]; then - SOURCE_VERSION="${GIT_EXACT_TAG}" -else - GIT_LAST_TAG="$(git describe --tags --abbrev=0)" - SOURCE_VERSION="${GIT_LAST_TAG}-$(printf '%s' "${SOURCE_COMMIT}" | cut -c 8)" -fi - -# Export the rendered variables above so bake will use them -export SOURCE_COMMIT -export SOURCE_VERSION +# Be verbose on what is being executed +set -x # Make sure we set the context to `..` so it will go up one directory docker buildx bake --progress plain --set "*.context=${BASEDIR}/.." -f "${BASEDIR}/docker-bake.hcl" "$@" diff --git a/docker/bake_env.sh b/docker/bake_env.sh new file mode 100644 index 0000000000..343f89520c --- /dev/null +++ b/docker/bake_env.sh 
@@ -0,0 +1,33 @@ +#!/usr/bin/env bash + +# If SOURCE_COMMIT is provided via env skip this +if [ -z "${SOURCE_COMMIT+x}" ]; then + SOURCE_COMMIT="$(git rev-parse HEAD)" +fi + +# If VW_VERSION is provided via env use it as SOURCE_VERSION +# Else define it using git +if [[ -n "${VW_VERSION}" ]]; then + SOURCE_VERSION="${VW_VERSION}" +else + GIT_EXACT_TAG="$(git describe --tags --abbrev=0 --exact-match 2>/dev/null)" + if [[ -n "${GIT_EXACT_TAG}" ]]; then + SOURCE_VERSION="${GIT_EXACT_TAG}" + else + GIT_LAST_TAG="$(git describe --tags --abbrev=0)" + SOURCE_VERSION="${GIT_LAST_TAG}-${SOURCE_COMMIT:0:8}" + GIT_BRANCH="$(git rev-parse --abbrev-ref HEAD)" + case "${GIT_BRANCH}" in + main|master|HEAD) + # Do not add the branch name for these branches + ;; + *) + SOURCE_VERSION="${SOURCE_VERSION} (${GIT_BRANCH})" + ;; + esac + fi +fi + +# Export the rendered variables above so bake will use them +export SOURCE_COMMIT +export SOURCE_VERSION diff --git a/docker/docker-bake.hcl b/docker/docker-bake.hcl index bc25ca590b..332b46c901 100644 --- a/docker/docker-bake.hcl +++ b/docker/docker-bake.hcl @@ -29,6 +29,12 @@ variable "SOURCE_VERSION" { default = null } +// This can be used to overwrite SOURCE_VERSION +// It will be used during the build.rs building stage +variable "VW_VERSION" { + default = null +} + // The base tag(s) to use // This can be a comma separated value like "testing,1.29.2" variable "BASE_TAGS" { @@ -51,9 +57,10 @@ group "default" { // ==== Shared Baking ==== - -target "_default_attributes" { - labels = { +function "labels" { + params = [] + result = { + "org.opencontainers.image.description" = "Unofficial Bitwarden compatible server written in Rust - ${SOURCE_VERSION}" "org.opencontainers.image.licenses" = "AGPL-3.0-only" "org.opencontainers.image.documentation" = "https://github.com/dani-garcia/vaultwarden/wiki" "org.opencontainers.image.url" = "https://github.com/dani-garcia/vaultwarden" 
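Review bot: The new guard `if [ -z "${SOURCE_COMMIT+x}" ]` in bake_env.sh only tests whether the variable is set, so a CI job that exports `SOURCE_COMMIT` as an empty string skips `git rev-parse`. The image then gets an empty revision label and, on the untagged path, a version ending in a bare `-`. The code removed from bake.sh tested for emptiness; keep that behaviour with `if [ -z "${SOURCE_COMMIT:-}" ]; then`. The `git describe --tags --abbrev=0` call also has no failure handling, so a checkout without tags produces a `SOURCE_VERSION` with an empty tag part. Stopping the build at that point would be safer than publishing such a label.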
@@ -62,9 +69,14 @@ target "_default_attributes" { "org.opencontainers.image.revision" = "${SOURCE_COMMIT}" "org.opencontainers.image.version" = "${SOURCE_VERSION}" } +} + +target "_default_attributes" { + labels = labels() args = { DB = "${DB}" CARGO_PROFILE = "${CARGO_PROFILE}" + VW_VERSION = "${VW_VERSION}" } } @@ -75,8 +87,8 @@ target "_default_attributes" { target "debian" { inherits = ["_default_attributes"] dockerfile = "docker/Dockerfile.debian" - output = ["type=docker"] tags = generate_tags("", platform_tag()) + output = [join(",", flatten([["type=docker"], image_index_annotations()]))] } // Multi Platform target, will build one tagged manifest with all supported architectures @@ -85,7 +97,7 @@ target "debian-multi" { inherits = ["debian"] platforms = ["linux/amd64", "linux/arm64", "linux/arm/v7", "linux/arm/v6"] tags = generate_tags("", "") - output = ["type=registry"] + output = [join(",", flatten([["type=registry"], image_index_annotations()]))] } // Per platform targets, to individually test building per platform locally @@ -125,8 +137,8 @@ group "debian-all" { target "alpine" { inherits = ["_default_attributes"] dockerfile = "docker/Dockerfile.alpine" - output = ["type=docker"] tags = generate_tags("-alpine", platform_tag()) + output = [join(",", flatten([["type=docker"], image_index_annotations()]))] } // Multi Platform target, will build one tagged manifest with all supported architectures @@ -135,7 +147,7 @@ target "alpine-multi" { inherits = ["alpine"] platforms = ["linux/amd64", "linux/arm64", "linux/arm/v7", "linux/arm/v6"] tags = generate_tags("-alpine", "") - output = ["type=registry"] + output = [join(",", flatten([["type=registry"], image_index_annotations()]))] } // Per platform targets, to individually test building per platform locally 
@@ -207,3 +219,11 @@ function "generate_tags" { concat(["${registry}:${base_tag}${suffix}${platform}"])] ]) } + +function "image_index_annotations" { + params = [] + result = flatten([ + for key, value in labels() : + value != null ? formatlist("annotation-index.%s=%s", "${key}", "${value}") : [] + ]) +} diff --git a/docker/healthcheck.sh b/docker/healthcheck.sh index ee95d57d68..5021b187dc 100755 --- a/docker/healthcheck.sh +++ b/docker/healthcheck.sh @@ -10,7 +10,7 @@ CONFIG_FILE="${DATA_FOLDER}"/config.json # Given a config key, return the corresponding config value from the # config file. If the key doesn't exist, return an empty string. get_config_val() { - local key="$1" + key="$1" # Extract a line of the form: # "domain": "https://bw.example.com/path", grep "\"${key}\":" "${CONFIG_FILE}" | diff --git a/docker/podman-bake.sh b/docker/podman-bake.sh new file mode 100755 index 0000000000..9c97825ef7 --- /dev/null +++ b/docker/podman-bake.sh 
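Review bot: `image_index_annotations()` in docker-bake.hcl formats each label as `annotation-index.key=value`, and the targets then `join(",", …)` these into a single `output` entry, so the values become part of a comma-separated spec without any escaping. The description label now embeds `${SOURCE_VERSION}`, which comes from `VW_VERSION` or from a tag and branch name, and a comma in any of them would presumably be read as the start of another output attribute. I would either reject such values in bake_env.sh or neutralise them here, e.g. `formatlist("annotation-index.%s=%s", "${key}", replace("${value}", ",", "_"))`, and add a comment on the function saying that values must not contain commas. The `output` lines that consume the function are in the earlier docker-bake.hcl hunks.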
@@ -0,0 +1,105 @@ +#!/usr/bin/env bash + +# Determine the basedir of this script. +# It should be located in the same directory as the docker-bake.hcl +# This ensures you can run this script from both inside and outside of the docker directory +BASEDIR=$(RL=$(readlink -n "$0"); SP="${RL:-$0}"; dirname "$(cd "$(dirname "${SP}")" || exit; pwd)/$(basename "${SP}")") + +# Load build env's +source "${BASEDIR}/bake_env.sh" + +# Check if a target is given as first argument +# If not we assume the defaults and pass the given arguments to the podman command +case "${1}" in + alpine*|debian*) + TARGET="${1}" + # Now shift the $@ array so we only have the rest of the arguments + # This allows us too append these as extra arguments too the podman buildx build command + shift + ;; +esac + +LABEL_ARGS=( + --label org.opencontainers.image.description="Unofficial Bitwarden compatible server written in Rust" + --label org.opencontainers.image.licenses="AGPL-3.0-only" + --label org.opencontainers.image.documentation="https://github.com/dani-garcia/vaultwarden/wiki" + --label org.opencontainers.image.url="https://github.com/dani-garcia/vaultwarden" + --label org.opencontainers.image.created="$(date --utc --iso-8601=seconds)" +) +if [[ -n "${SOURCE_REPOSITORY_URL}" ]]; then + LABEL_ARGS+=(--label org.opencontainers.image.source="${SOURCE_REPOSITORY_URL}") +fi +if [[ -n "${SOURCE_COMMIT}" ]]; then + LABEL_ARGS+=(--label org.opencontainers.image.revision="${SOURCE_COMMIT}") +fi +if [[ -n "${SOURCE_VERSION}" ]]; then + LABEL_ARGS+=(--label org.opencontainers.image.version="${SOURCE_VERSION}") +fi + +# Check if and which --build-arg arguments we need to configure +BUILD_ARGS=() +if [[ -n "${DB}" ]]; then + BUILD_ARGS+=(--build-arg DB="${DB}") +fi +if [[ -n "${CARGO_PROFILE}" ]]; then + BUILD_ARGS+=(--build-arg CARGO_PROFILE="${CARGO_PROFILE}") +fi +if [[ -n "${VW_VERSION}" ]]; then + BUILD_ARGS+=(--build-arg VW_VERSION="${VW_VERSION}") +fi + +# Set the default BASE_TAGS if non are 
provided +if [[ -z "${BASE_TAGS}" ]]; then + BASE_TAGS="testing" +fi + +# Set the default CONTAINER_REGISTRIES if non are provided +if [[ -z "${CONTAINER_REGISTRIES}" ]]; then + CONTAINER_REGISTRIES="vaultwarden/server" +fi + +# Check which Dockerfile we need to use, default is debian +case "${TARGET}" in + alpine*) + BASE_TAGS="${BASE_TAGS}-alpine" + DOCKERFILE="Dockerfile.alpine" + ;; + *) + DOCKERFILE="Dockerfile.debian" + ;; +esac + +# Check which platform we need to build and append the BASE_TAGS with the architecture +case "${TARGET}" in + *-arm64) + BASE_TAGS="${BASE_TAGS}-arm64" + PLATFORM="linux/arm64" + ;; + *-armv7) + BASE_TAGS="${BASE_TAGS}-armv7" + PLATFORM="linux/arm/v7" + ;; + *-armv6) + BASE_TAGS="${BASE_TAGS}-armv6" + PLATFORM="linux/arm/v6" + ;; + *) + BASE_TAGS="${BASE_TAGS}-amd64" + PLATFORM="linux/amd64" + ;; +esac + +# Be verbose on what is being executed +set -x + +# Build the image with podman +# We use the docker format here since we are using `SHELL`, which is not supported by OCI +# shellcheck disable=SC2086 +podman buildx build \ + --platform="${PLATFORM}" \ + --tag="${CONTAINER_REGISTRIES}:${BASE_TAGS}" \ + --format=docker \ + "${LABEL_ARGS[@]}" \ + "${BUILD_ARGS[@]}" \ + --file="${BASEDIR}/${DOCKERFILE}" "$@" \ + "${BASEDIR}/.."
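Review bot: `TARGET` in podman-bake.sh is assigned only when the first argument matches `alpine*|debian*`, so with no target argument the later `case "${TARGET}"` blocks read whatever `TARGET` the caller's environment exports. That can select a different Dockerfile and platform than the documented debian/amd64 default. Initialise it before the first `case` with `TARGET=""`. The `# shellcheck disable=SC2086` above the `podman buildx build` call looks unnecessary, since every expansion in that command is quoted; dropping it lets shellcheck flag an unquoted variable added later.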